CERTitude – The seeker of IOC

CERTitude is a Python-based tool for assessing the compromised perimeter during incident response assignments. It lets analysts perform large-scale scans of Windows-based information systems by searching for behavioural patterns described in IOC (Indicator of Compromise) files.

Notable features:

  • Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
  • Ability to retrieve some pieces of data from the hosts
  • Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
  • Built with security considerations in mind (protected database, secure communications with hosts using IPsec)

Learn more about the tool here.
