Differences

This shows you the differences between two versions of the page.

--- soc:tools:start [2026/06/10 14:16] – titannet
+++ soc:tools:start [2026/06/10 15:04] (current) – titannet
@@ Line 6: / Line 6: @@
   * [[kibana]]
   * [[splunk]]
 ===== Network =====
-[[wireshark]]
+  * [[wireshark]]
@@ Line 17: / Line 16: @@
 ===== IR =====
-  * [[x-ways]]
+  * [[velociraptor]]
+    * remote artefact collection and administration
+  * [[iris]]
+    * Collaborative Incident Response Platform
+  * [[x_ways]]
   * [[axiom]]
-  * [[f-Response]]
+  * [[f_Response]]
   * [[arsenal_image_mounter]]
   * [[magnet_ram_capture]]
@@ Line 28: / Line 31: @@
   * [[regripper]]
   * [[ghidra]]
+===== Commandline =====
   * [[evtwalk]]
     * Parse Windows Event Logs
-  * [[yaru]]
-    * Yet another registry utility
-  * [[usp]]
-    * USB parser
   * [[dissect]]
     * Analysis of file systems and images
   * [[timelines]
     * tools like [[plaso]], [[log2timeline]], [[timesketch]]
+  * [[hayabusa]]
+    * Parses windows event logs or sysmon/linux
+===== Windows GUI =====
+  * [[memprocfs]]
+  * [[wireshark]]
+  * [[networkminer]]
+  * [[snort]]
+  * [[zeek]]
+  * [[yaru]]
+    * TZworks, yet another registry utility
+  * [[usp]]
+    * TZWorks, USB parser
+  * [[sysinternals]]
+    * tcpview, resmon,
+===== Malware Analysis =====
+  * [[https://threatfox.abuse.ch]]
+  * [[https://bazaar.abuse.ch]]
+  * [[https://thalosintelligence.com]]
+  * [[https://www.virustotal.com]]
 ==== Data Collection ====
@@ Line 52: / Line 82: @@
+==== Active Directory ====
+ * [[ping_castle]]

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences