Forensics on HackyFeed

Anthropic-Cybersecurity-Skills

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Anthropic Cybersecurity Skills is an extensive open-source repository that provides AI agents access to 753 structured cybersecurity skills across 26 domains, offering capabilities such as memory forensics and Kubernetes RBAC auditing. The skills adhere to the agentskills.io standard, featuring a YAML structure for quick discovery and are fully mapped to MITRE ATT&CK and aligned with NIST CSF 2.0, enabling AI agents to perform advanced security tasks with enhanced contextual knowledge. This tool simplifies installation and empowers various platforms like Claude Code and GitHub Copilot to integrate these capabilities efficiently.

APKiD

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: APKiD is a tool designed to analyze Android APK files by identifying various compilers, packers, and obfuscators used in their creation, functioning similarly to PEiD for Windows applications. It supports configurable scanning options, outputs results in JSON format, and facilitates contributions for recognizing additional packaging methods. The tool is primarily used for Android security analysis, aiding in the detection of pirated or malicious applications.

README

APKiD

asn

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The ASN Lookup Tool and Traceroute Server is a command line utility designed for network analysis, facilitating OSINT investigations through various capabilities including ASN lookup, RPKI validity checks, and geolocation of IP addresses. Key features include JSON output for API integration, support for querying multiple simultaneous targets, and integration with Shodan for reconnaissance without direct interaction with the target systems. This tool is particularly useful in incident response scenarios, providing comprehensive network data insights while maintaining stealth.

Awesome-Blackhat-Tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Awesome Black Hat Tools is a curated repository of cybersecurity tools showcased at Black Hat events globally, serving as a practical reference for professionals in offensive, defensive, and research-driven cybersecurity. The tools are systematically organized by event location, year, and category, including Red Teaming, OSINT, and more, ensuring easy accessibility for users seeking field-tested solutions. This repository encourages community contributions to continually enhance the collection, making it a dynamic resource for current cybersecurity methodologies.

awesome-hacking

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Awesome hacking is an awesome collection of hacking tools.

Awesome hacking is an awesome collection of hacking tools.

Bashfuscator

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Bashfuscator is a modular Bash obfuscation framework implemented in Python 3 that specializes in generating highly obfuscated Bash commands and scripts to evade detection on Linux systems. Designed for both Red Team and Blue Team operations, it allows users to produce randomized, convoluted Bash code that still executes the intended commands, effectively aiding in the development of obfuscation techniques and detection testing. Key features include command line and library usage, a variety of obfuscation mutators, and compatibility with GNU Linux systems running Bash 4.0 or newer.

BlueTeam-Tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: BlueTeam-Tools is a comprehensive repository comprising over 65 tools and resources tailored for blue teaming activities, encompassing tasks such as network discovery, vulnerability management, and security monitoring. Notable features include a variety of specialized scanners like Nmap and OpenVAS, as well as systems for data visualization and malicious traffic detection, aimed at enhancing defensive cybersecurity measures. This collection serves as an essential toolkit for security professionals focusing on threat detection and incident response.

ctf-skills

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The ctf-skills repository provides an extensive collection of agent skills designed to facilitate the solving of Capture The Flag (CTF) challenges across various domains, including web exploitation, binary pwn, reverse engineering, and more. Notable features include support for multiple installation methods, a comprehensive tool installer script, and detailed skill documentation for on-demand use, allowing users to efficiently integrate the necessary tools as challenges arise. It is compatible with any tool adhering to the Agent Skills specification, enhancing its versatility in competitive cybersecurity contexts.

cybersecurity-career-path

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The cybersecurity-career-path repository provides a comprehensive guide to various career trajectories within cybersecurity, detailing essential skills, training, and resources for both offensive and defensive roles. Notable features include a structured overview of job titles, practical utilities, and a free platform called Career Coach for personalized career advancement. It serves as a valuable resource for individuals at any stage of their cybersecurity journey.

README

UPDATE: We’ve expanded our repository with complete career paths, essential skills training, and a ton of practical utilities and materials named Career Coach ; all available for free! Whether you’re just starting out or looking to level up, enroll in any career path at no cost, keep progressing, and fuel your professional growth with these comprehensive tools designed to help you succeed. Check out our app for seamless access and personalized guidance! Career Coach

Cybersecurity Career Path ⬆️

DataSurgeon

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: DataSurgeon is a comprehensive tool for extracting sensitive information pertinent to incident response, DLP, penetration testing, and CTF challenges. It supports extraction of a wide range of data types—including emails, credit cards, URLs, and various hashes—across multiple operating systems, and features a plugin management system that allows users to extend its functionality. Notable features include recursive file analysis, CSV output capabilities, and multi-platform support enabling usage on Windows, Linux, and macOS.

Digital-Forensics-Guide

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Digital Forensics Guide serves as a comprehensive resource for those engaged in digital forensics, providing a compilation of applications, libraries, and tools essential for effectively conducting forensic investigations. The guide includes sections on various forensic fields such as computer, mobile, and network forensics, along with curated lists of tutorials, certifications, and frameworks to enhance practitioners’ skills and knowledge. Notable features include playbooks for practical application and a structured format for easy navigation through key topics.

fame

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: FAME (FAME Automates Malware Evaluation) is a Python-based framework designed to automate and enhance the analysis of malicious files, enabling analysts to quickly identify malware families and extract relevant configurations and indicators of compromise (IOCs). The tool utilizes Flask for its web interface and Celery for managing background tasks, streamlining the end-to-end analysis process. FAME aims to empower malware analysis efforts by providing an efficient and user-friendly solution for processing malware samples.

FBI-tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: FBI-tools is a comprehensive Open Source Intelligence (OSINT) toolkit featuring a variety of tools for analysts to gather and analyze data from multiple online sources. Its notable features include domain squatting detection with SquatSquasher, web reconnaissance capabilities with reNgine, and efficient user account searches across platforms using UsernameSearchOSINT. Additionally, the collection encompasses specialized tools for investigating social media, phone numbers, and dark web intelligence, streamlining the OSINT process.

Forensia

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Forensia is an anti-forensics tool designed for red teamers to eliminate traces during the post-exploitation phase. Its primary use case is to enhance evasion by supporting various functionalities such as unloading Sysmon drivers, employing the Gutmann method for file shredding, and disabling multiple logging mechanisms. Notable features include log erasure, file melting capabilities, and the ability to clear recent user activity and cache, thereby reducing the likelihood of detection by incident response teams.

hackdroid

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: HackDroid is a comprehensive collection of penetration testing and security-related applications tailored for Android devices. It organizes applications into diverse categories, including forensics, networking, and cryptography, to facilitate easy access and download, while emphasizing the necessity of root permissions and ethical use cases. Notable features include a wide range of tools for various hacking and security tasks, and guidance for use on secondary devices to mitigate risks.

README

Hacking-Tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Hacking-Tools is a curated collection of penetration testing and ethical hacking utilities, including essential tools from Kali Linux. It is organized into categories such as information gathering, vulnerability analysis, and exploitation tools, facilitating easy navigation and use. Notable features include a featured tool, BugBoard, designed to automate vulnerability detection for bug bounty hunters and security researchers.

README

Hacking-Tools

A curated list of penetration testing and ethical hacking tools, organized by category. This collection includes Kali Linux tools and other notable utilities.

hollows_hunter

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Hollows Hunter is a command-line tool designed to identify and dump potentially malicious implants in processes by utilizing the PE-sieve passive memory scanner. Its primary use case includes scanning processes based on various criteria, such as process name and creation time, and it offers capabilities for continuous memory scanning and ETW listening. Notable features include the ability to scan all processes if no specific targets are specified, and support for multiple input criteria for enhanced targeting.

Infosec_Reference

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The InfoSec Reference project serves as a comprehensive resource for individuals seeking to enhance their understanding of Information Security, offering a curated list of techniques, tools, and tactics. Its primary use case revolves around providing a “Yellow Pages” style reference for users to browse and learn about various aspects of infosec, helping them build skills and recall pertinent information. Notably, it encourages community contributions and maintains regular updates, while emphasizing a commitment to ethical practices in cybersecurity.

mal_unpack

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: mal_unpack is a dynamic malware unpacker that leverages PE-sieve to deploy packed malware, allowing it to unpack and dump the payload while terminating the original process. Its primary use case is for malware analysis in controlled environments, with notable features including options for dumping implanted PEs, shellcodes, and modified artifacts, as well as performance enhancements through an auxiliary driver.

README

mal_unpack

malcom

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Malcom is a malware communication analyzer that visualizes network traffic to identify interactions with known malware sources, thereby aiding in malware analysis and intelligence gathering. Its primary use case is to detect command and control servers, monitor peer-to-peer networks, and unravel DNS fast-flux infrastructures. Notable features include its ability to convert complex network traffic data into actionable intelligence and a user-friendly graphical interface for rapid analysis.

README

Malcom - Malware Communication Analyzer

Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world.

matano

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Matano is an open-source cloud-native security data lake specifically designed for AWS, enabling security teams to normalize and manage security logs effectively. Its notable features include the ability to integrate with over 50 log sources, support for Detection-as-Code using Python, serverless architecture for scalability, and vendor-neutral ownership through open standards. The tool aims to enhance SIEM capabilities by providing a cost-effective and versatile solution for security data management and analysis.

my-arsenal-of-aws-security-tools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: My Arsenal of AWS Security Tools is a curated collection of open-source tools designed to enhance security in AWS environments through various functionalities, including defensive hardening, offensive testing, and security auditing. Notable features include comprehensive coverage of cloud security best practices and continuous monitoring capabilities, facilitating improved incident response and compliance with standards such as CIS and GDPR. This repository serves as a resource for security practitioners aiming to bolster their AWS security posture.

oletools

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: oletools is a Python package designed for analyzing Microsoft OLE2 files, including older Microsoft Office documents, MSI files, and Outlook messages, primarily for malware detection, forensics, and debugging. Key features include the ability to detect, extract, and analyze VBA macros, OLE objects, Excel 4 macros (XLM), DDE links, and capabilities for analyzing RTF and OpenXML files. The tool is built on the olefile parser, enhancing its functionality with various detection mechanisms and logging options.

Open-Source-Security-Guide

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The Open Source Security Guide serves as a comprehensive resource for enhancing the security of systems and networks by providing tutorials, standards, and tools relevant to open-source security practices. It includes sections on security certifications, threat models, and various security frameworks, along with a curated list of tools and resources to improve security operations. Notably, it aims to foster a collaborative environment for sharing best practices and advancing security through community initiatives.

operative-framework

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Operative Framework is a digital investigation tool designed for interacting with multiple targets, executing a variety of modules, and managing links with these targets. Its notable features include the ability to export reports in PDF format, support for crafting custom modules, and a RESTful API for integration, all underpinned by a redesigned architecture in Rust for enhanced performance and functionality.

README

operative framework is a digital investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.

pe-sieve

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: PE-sieve is a lightweight malware detection tool that scans individual processes for malicious implants such as injected PEs, shellcodes, and various in-memory modifications. It effectively identifies techniques like Process Hollowing and Reflective DLL Injection, allowing for the extraction and analysis of detected threats. Additionally, PE-sieve can be integrated as a DLL with a simple API for use in other applications, enhancing its versatility in malware analysis workflows.

README

prowler

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Prowler is an open-source cloud security platform that automates security assessments and compliance checks across various cloud environments. It features hundreds of customizable security checks and integration capabilities, enabling organizations to implement real-time monitoring and remediation for enhanced cloud security. Designed for scalability and cost-effectiveness, Prowler simplifies the complexities of cloud security management for organizations of all sizes.

README

Prowler is the Open Cloud Security platform trusted by thousands to automate security and compliance in any cloud environment. With hundreds of ready-to-use checks and compliance frameworks, Prowler delivers real-time, customizable monitoring and seamless integrations, making cloud security simple, scalable, and cost-effective for organizations of any size.

RecoverPy

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: RecoverPy is a data recovery tool that scans raw disk partitions to recover deleted files by directly inspecting disk blocks and searching for specific byte patterns. Designed primarily for forensic data recovery, it allows users to navigate adjacent blocks to retrieve fragmented data while ensuring that the entire scanning process is memory-efficient and focused solely on raw data, without attempting any filesystem interpretations. Notably, it facilitates efficient block inspection and content extraction, though success depends on the integrity of the underlying disk blocks.

sectemplates

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: SecTemplates is a resource repository designed for infosec professionals and engineering teams lacking dedicated security personnel, providing templates for various security programs such as bug bounties, incident response, and vulnerability management. The tool offers structured starting points including checklists, runbooks, and document templates, facilitating the establishment and scaling of security initiatives while maintaining neutrality towards specific vendors. Content is freely available for personal and commercial use, barring resale in other products.

sysmon-modular

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: sysmon-modular is a modular Sysmon configuration repository designed for customization and maintenance of Microsoft Sysinternals’ Sysmon tool. Its primary use case is to generate tailored event logging configurations for monitoring system behavior and enhancing threat detection in diverse environments. Notable features include pre-generated configurations catering to different verbosity levels, a flexible module system for incorporating custom configurations, and automated XML generation through a PowerShell script integrated with Azure Pipelines.

TryHackMe-Roadmap

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: The TryHackMe Road Map repository provides a comprehensive list of over 350 free TryHackMe rooms categorized by various cybersecurity topics to facilitate learning and practice in ethical hacking. Its primary use case is to help individuals, from beginners to advanced users, streamline their training by accessing a structured pathway through challenges in areas such as Linux fundamentals, web security, and more. Notable features include the organization of topics for a sequential learning approach and the inclusion of various practical scenarios to enhance hands-on experience in cybersecurity.

Watcher

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Watcher is an AI-powered automated cybersecurity threat detection platform built on Django and React JS, enabling organizations to proactively identify and monitor emerging cybersecurity threats. Its primary use case includes automated intelligence analysis, real-time alerts for trending cybersecurity topics, and comprehensive domain management to combat potential cyber threats. Notable features encompass information leak monitoring, malicious domain surveillance, and integration with external threat intelligence sources for enhanced situational awareness.

wazuh

Mon, 30 Mar 2026 00:00:00 +0000

AI Summary: Wazuh is an open-source security platform designed for threat prevention, detection, and response across various environments, including on-premises, virtualized, containerized, and cloud settings. It features an endpoint security agent that collects data for analysis by a centralized management server, fully integrated with the Elastic Stack for enhanced search and visualization of security alerts. Key capabilities include intrusion detection, log data analysis, file integrity monitoring, vulnerability detection, configuration assessment, and automated incident response, making it a comprehensive tool for maintaining security compliance and mitigating threats.