CERTitude - The seeker of IOC
Description
CERTitude is a Python-based tool which aims at assessing the compromised perimeter during incident response assignments. It allows analysts to perform large scale scans of Windows-based information systems by searching for behavioural patterns described in IOC (Indicator Of Compromise) files.
Notable features:
- Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
- Ability to retrieve some pieces of data from the hosts
- Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
- Built with security considerations in mind (protected database, secure communications with hosts using IPSec)
Documentation: https://github.com/CERT-W/certitude/wiki
Contributors
Developers
- Aurélien BAUD
- Adrien DEGRANGE
- Thomas LABADIE
- Jean MARSAULT
- Vincent NGUYEN
- Fabien SCHWEBEL
- Antoine VALLEE
External dependencies
- Plyara : https://github.com/8u1a/plyara/
Copyright © Wavestone 2017