The Netflix Security Intelligence and Response Team (SIRT) has released (under the Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response. The tool, written in Python 3 and named “Diffy”, is strictly focused on security incidents on cloud architectures.
With some useful enhanced features!
Services like Amazon’s S3 have made it easier and cheaper than ever to store large quantities of data in the cloud. Used properly, S3 buckets are a useful tool; however, a lot of companies fail to implement basic security, resulting in catastrophic data breaches.
Dynamic and static malware analysis using a lot of preconfigured environments.
PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.