
Irish Information Security Forum

Prepare to Respond if an Intrusion Occurs

Each entry below lists the service, the skill level it assumes, the owner, a description and a link.

Service: Caldera (MITRE ATT&CK)
Skill level: Basic
Owner: MITRE
Description: Built on the MITRE ATT&CK framework, Caldera is a cyber security platform designed to automate adversary emulation, assist manual red teams, and automate incident response.
Link: GitHub - mitre/caldera: Automated Adversary Emulation Platform

Service: OpenSSH Suite
Skill level: Basic
Owner: OpenBSD Project
Description: This connectivity tool is used for remote login with the SSH protocol. It encrypts all traffic, which defeats eavesdropping, connection hijacking and similar attacks. OpenSSH also provides a suite of secure tunnelling capabilities, several authentication methods, and sophisticated configuration options. For remote response work, prefer key- or certificate-based authentication over passwords and verify host keys on first connection, since an attacker who already controls the network can otherwise present a rogue host.
Link: OpenSSH

Service: Metasploit Framework
Skill level: Basic
Owner: Rapid7
Description: This computer security project provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Link: Metasploit | Penetration Testing Software, Pen Testing Security | Metasploit

Service: GRR Rapid Response
Skill level: Basic
Owner: Google
Description: GRR Rapid Response is an incident response framework focused on remote live forensics. Its goal is to support forensics and investigations in a fast, scalable manner so that analysts can quickly triage attacks and perform analysis remotely.
Link: https://grr-doc.readthedocs.io

Service: PacketBasics
Skill level: Basic
Owner: ExtraHop
Description: Designed to integrate with AWS environments, this PCAP tool is a subset of ExtraHop's Reveal(x) NDR platform. PacketBasics may help some organizations develop a more comprehensive approach to the modernization requirements of OMB memorandum M-21-31 (event logging) and Executive Order 14028 (US federal cybersecurity).
Link: Introducing ExtraHop Packet Basics

Service: Microsoft PsExec
Skill level: Advanced
Owner: Microsoft
Description: PsExec is a lightweight telnet replacement that lets users execute processes on other systems, with full interactivity for console applications, without manually installing client software. Its uses include launching interactive command prompts on remote systems and remote-enabling tools such as IpConfig that otherwise cannot show information about remote systems. Note that PsExec works by copying a service executable to the target's ADMIN$ share and starting it as a service (PSEXESVC), which is exactly the pattern attackers use for lateral movement; responder use of PsExec will therefore trigger the same detections and should be logged and allow-listed deliberately.
Link: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Service: VMware Workstation Player
Skill level: Advanced
Owner: VMware
Description: This tool runs a single virtual machine on a Windows or Linux PC and can be used when setting up an environment to analyze malware. Keep such a VM on an isolated (host-only) network and take a snapshot before each detonation so the machine can be reverted to a clean state.
Link: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

Service: VMware ESXi - Free
Skill level: Advanced
Owner: VMware
Description: This bare-metal hypervisor installs directly onto a physical server, providing direct access to, and control of, the underlying resources, and can partition the hardware to consolidate applications. It can likewise host an isolated environment for analyzing malware.
Link: https://www.vmware.com/products/esxi-and-esx.html

Service: dfTimewolf
Skill level: Advanced
Owner: Google
Description: dfTimewolf is an open-source framework for orchestrating forensic collection, processing, and data export.
Link: https://dftimewolf.readthedocs.io

Service: Turbinia
Skill level: Advanced
Owner: Google
Description: Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads.
Link: https://turbinia.readthedocs.io

Service: Timesketch
Skill level: Advanced
Owner: Open Source
Description: Timesketch is an open-source tool for collaborative forensic timeline analysis. Using sketches, users and their collaborators can organize timelines and analyze them together at the same time.
Link: https://timesketch.org/

Service: Velociraptor
Skill level: Advanced
Owner: Rapid7
Description: Velociraptor allows incident response teams to rapidly collect and examine artifacts from across a network and deliver forensic detail following a security incident. During an incident, an investigator controls the Velociraptor agents to hunt for malicious activity, run targeted collections, perform file analysis, or pull large data samples. The Velociraptor Query Language (VQL) lets investigators develop custom hunts to meet specific investigation needs and adapt queries quickly in response to shifting threats and new information gained during the investigation.
Link: GitHub - Velocidex/velociraptor: Digging Deeper....
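As an added illustration of the VQL mechanism described in the Velociraptor entry (an example written for this page, not code from the Velociraptor project or from the IISF), here is a minimal custom artifact that an investigator could load and run as a hunt. The artifact name, the parameter name and its default regex are assumptions chosen for the example; the plugin and column names (pslist(), hash(), Pid, Ppid, Name, Exe, CommandLine, CreateTime) are Velociraptor's own.

```yaml
# Added example artifact for this page; not shipped with Velociraptor.
# Artifact name, parameter name and the default regex are assumptions.
name: Custom.Hunt.ProcessNameRegex
description: |
  Returns running processes whose name matches a regex, together with
  the parent PID, command line and SHA256 of the executable, so an
  analyst can pivot on unusual parents (an Office process spawning a
  shell) or on binaries not seen elsewhere in the fleet.
parameters:
  - name: ProcessRegex
    description: Regex matched against the process name (Go RE2 syntax).
    default: "(?i)^(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32)(\\.exe)?$"
sources:
  - query: |
      -- Runs on the endpoint; only matching rows are sent to the server.
      SELECT Pid, Ppid, Name, Exe, CommandLine, CreateTime,
             hash(path=Exe).SHA256 AS SHA256
      FROM pslist()
      WHERE Name =~ ProcessRegex
```

Load the artifact through the artifact editor in the Velociraptor GUI and start a hunt against a client label. The query executes on each endpoint and only matching rows come back, which is what keeps fleet-wide collection cheap. Because the regex is a parameter, it can be tightened or widened on the next hunt without editing the artifact, which is the "adapt queries quickly" property the entry above refers to. Test a new artifact against a single lab client before launching it fleet-wide; hash() on a process whose executable cannot be read (protected system processes) returns nothing for that row rather than failing the hunt.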


If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the IISF Secretary:

By email: secretary@iisf.ie

By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2

Enhance your cybersecurity knowledge and learn from those at the coalface of information security in Ireland.

FORUM SPONSORS

We would like to thank these generous sponsors for their support: CrowdStrike and Zscaler.

© IISF. All rights reserved. CRN: 3400036GH