
Cyber Security
Intrusion Response Tools
SERVICE: Velociraptor
SKILL LEVEL:
OWNER: Rapid7
DESCRIPTION:
Velociraptor allows incident response teams to rapidly collect and examine artifacts from across a network and deliver forensic detail following a security incident. In the event of an incident, an investigator controls the Velociraptor agents to hunt for malicious activity, run targeted collections, perform file analysis, or pull large data samples. The Velociraptor Query Language (VQL) allows investigators to develop custom hunts to meet specific investigation needs, with the ability to adapt queries quickly in response to shifting threats and new information gained during the investigation.
LINK: GitHub - Velocidex/velociraptor: Digging Deeper....
SERVICE: Timesketch
SKILL LEVEL:
OWNER: Open Source
DESCRIPTION:
Timesketch is an open-source tool for collaborative forensic timeline analysis. Using sketches, users and their collaborators can easily organize timelines and analyze them all at the same time.
LINK: https://timesketch.org/
SERVICE: Turbinia
SKILL LEVEL:
OWNER: Google
DESCRIPTION:
Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads.
LINK: https://turbinia.readthedocs.io
SERVICE: dfTimewolf
SKILL LEVEL:
OWNER: Google
DESCRIPTION:
dfTimewolf is an open-source framework for orchestrating forensic collection, processing, and data export.
LINK: https://dftimewolf.readthedocs.io
SERVICE: VMware ESXi - Free
SKILL LEVEL:
OWNER: VMware
DESCRIPTION:
This tool can be used when setting up an environment to analyze malware. It is a bare-metal hypervisor that installs directly onto a physical server, providing direct access to, and control of, underlying resources. It can be used to effectively partition hardware to consolidate applications.
LINK: https://www.vmware.com/products/esxi-and-esx.html
Cyber Security Cafe
Cyber Security Cafe is a private public service and offers no goods or services other than posting the current cyber threats we are facing, what we can do to avoid being affected, and, if we are affected, what we can do to correct the problems and avoid intrusions in the future.
- Prevention often means not accepting the 'easy' ways.
- Most modern technology exists in order to obtain your personal data.
Current Threats
Current Threats shows you the latest and often most dangerous cyber threats. The entries indicate where the threats originated and what areas they are targeting. By knowing in advance, you can take precautionary actions now, before it's too late.
Cyber Solutions
Cyber Solutions is a group of tools and information designed to keep you up to date and to give you the means to protect both your network and your equipment. Most of the tools are available free of charge and are provided by trusted governmental agencies.