WithSecure Labs

All

41 repositories

chainsaw
Public
Rapidly Search and Hunt through Windows Forensic Artefacts
windows rust security
windows rust security attack detection logs forensics dfir threat-hunting sigma
Rust
•
GNU General Public License v3.0
•297•3.5k•10•1•Updated Mar 2, 2026Mar 2, 2026
Kanvas
Public
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
incident-response incident-management incident-response-tooling
incident-response incident-management incident-response-tooling dfir-tools
Python
•
GNU General Public License v3.0
•66•441•4•0•Updated Feb 13, 2026Feb 13, 2026
iocs
Public
YARA
•
BSD 2-Clause "Simplified" License
•7•17•0•0•Updated Jan 22, 2026Jan 22, 2026
CallStackSpoofer
Public
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
spoofer countercept
spoofer countercept
C++
•
Apache License 2.0
•72•559•1•0•Updated Apr 8, 2025Apr 8, 2025
tau-engine
Public
A document tagging library
rust yaml rule-engine
rust yaml rule-engine tau countercept detection-engine
Rust
•
MIT License
•4•33•0•0•Updated Mar 27, 2025Mar 27, 2025
deject
Public
Memory dump and Sample analysis tool
Python
•
GNU General Public License v3.0
•1•18•0•0•Updated Mar 17, 2025Mar 17, 2025
mongo-rs
Public
A higher-level wrapper on top of the official bson & mongodb crates.
rust mongodb countercept
rust mongodb countercept
Rust
•
MIT License
•5•17•5•0•Updated Dec 3, 2024Dec 3, 2024
python-exe-unpacker
Public
A helper script for unpacking and decompiling EXEs compiled from python code.
unpacker countercept
unpacker countercept
Python
•
GNU General Public License v3.0
•351•996•18•5•Updated Aug 15, 2024Aug 15, 2024
LinuxCatScale
Public
Incident Response collection and processing scripts with automated reporting scripts
linux collection incident-response
linux collection incident-response triage countercept
Shell
•
GNU General Public License v3.0
•59•322•0•0•Updated Jun 25, 2024Jun 25, 2024
hl7magic
Public
A Burp extension to allow for easy modification of HL7 messages sent to and from medical devices.
Python
•
Apache License 2.0
•2•8•0•0•Updated Mar 25, 2024Mar 25, 2024
opencti-attribution-tools
Public
Python
•0•0•0•0•Updated Sep 11, 2023Sep 11, 2023
snake
Public
snake - a malware storage zoo
python snake countercept
python snake countercept
Shell
•
BSD 3-Clause "New" or "Revised" License
•38•217•4•0•Updated Jul 11, 2023Jul 11, 2023
snake-skin
Public
snake-skin - the web ui for snake
svelte snake countercept
svelte snake countercept
Svelte
•2•3•0•20•Updated Jul 11, 2023Jul 11, 2023
snake-core
Public
snake-core - the real snake
python snake countercept
python snake countercept
Python
•
BSD 3-Clause "New" or "Revised" License
•5•15•6•6•Updated Jul 11, 2023Jul 11, 2023
snake-scales
Public
snake-scales - the default repository of snake scales
python snake countercept
python snake countercept snake-scales
Python
•
BSD 3-Clause "New" or "Revised" License
•4•7•1•0•Updated Jul 10, 2023Jul 10, 2023
GarbageMan
Public
GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
C++
•
MIT License
•15•119•0•0•Updated Apr 8, 2023Apr 8, 2023
datamate
Public
netflow data-visualization countercept
netflow data-visualization countercept
Python
•2•8•0•0•Updated Mar 24, 2023Mar 24, 2023
detectree
Public
Data visualization for blue teams
detection visualisation svelte
detection visualisation svelte countercept
Svelte
•
GNU General Public License v3.0
•5•126•0•0•Updated Jan 20, 2023Jan 20, 2023
soccrates_adapters
Public
Helpers for adapting data from Elements Vulnerability Management to be used in Soccrates EU project
python
python
Python
•
Apache License 2.0
•0•0•0•0•Updated Nov 28, 2022Nov 28, 2022
TickTock
Public
C++
•17•113•1•0•Updated Oct 10, 2022Oct 10, 2022
dreamer
Public
Easier cloud infrastructure with Terraform and Ansible
python ansible devops
python ansible devops automation terraform
Python
•
MIT License
•1•4•0•0•Updated Sep 9, 2022Sep 9, 2022
ESFang
Public
ESF modular ingestion tool for development and research.
countercept
countercept
Objective-C
•7•38•0•0•Updated Dec 21, 2021Dec 21, 2021
FLAIR
Public
F-Secure Lightweight Acqusition for Incident Response (FLAIR)
windows forensics triage
windows forensics triage
Batchfile
•
GNU General Public License v3.0
•2•16•0•0•Updated Jul 5, 2021Jul 5, 2021
macOSTriageCollectionScript
Public
A triage data collection script for macOS
collection incident-response triage
collection incident-response triage countercept
Shell
•
GNU General Public License v3.0
•5•29•0•0•Updated Nov 27, 2020Nov 27, 2020
lazarus-sigma-rules
Public
lazarus rules sigma
lazarus rules sigma countercept
3•19•0•0•Updated Oct 23, 2020Oct 23, 2020
snake-tail
Public
snake-tail - the command line ui for snake
snake countercept
snake countercept
Python
•
BSD 3-Clause "New" or "Revised" License
•3•1•2•0•Updated Aug 16, 2020Aug 16, 2020
ppid-spoofing
Public
Scripts for performing and detecting parent PID spoofing
spoofing countercept
spoofing countercept
PowerShell
•
BSD 3-Clause "New" or "Revised" License
•20•147•0•1•Updated May 16, 2020May 16, 2020
AMSIDetection
Public
AMSI detection PoC
countercept
countercept
C#
•6•31•0•0•Updated Apr 14, 2020Apr 14, 2020
RemotePSpy
Public
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have com…
countercept
countercept
Python
•
Other
•11•19•0•1•Updated Mar 12, 2020Mar 12, 2020
doublepulsar-detection-script
Public
A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
script security-scanner security-tools
script security-scanner security-tools doublepulsar countercept
Python
•
BSD 3-Clause "New" or "Revised" License
•313•1k•8•3•Updated Feb 3, 2020Feb 3, 2020