Here I've collected useful tools in the areas of DFIR, threat hunting and detection engineering.
- HxD is a free GUI hex editor for Windows; besides files it can open raw disks and process memory
- CyberChef is a browser-based tool for encoding, decoding, compression, hashing and similar data transformations, useful for decoding obfuscated payloads and C2 strings
- PEStudio is a tool for static triage of malware (PE files): it shows headers, imports, strings, resources and sections, and flags suspicious indicators without executing the sample
- CFF Explorer is a PE32/PE32+ editor that describes every header field, and also includes utilities, a hex editor and support for .NET structures
- Volatility is a memory forensics framework for analyzing memory dumps (running processes, network connections, loaded modules, injected code)
- FTK Imager is a data preview and imaging tool used to acquire evidence in a forensically sound manner: it creates bit-for-bit copies of the source, with hashes to verify the image, without modifying the original evidence
- AVML is a volatile memory acquisition tool for Linux written in Rust. It can acquire memory without knowing the target distribution or kernel, so no on-target compilation or fingerprinting is needed; its LiME-format output can be loaded into Volatility
- PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques mapped to MITRE ATT&CK on Windows hosts, generating the telemetry needed to test detection coverage
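To show what the static PE tools above (PEStudio, CFF Explorer) actually read, here is an added example that is not code from any of the listed projects: a minimal PE header parser written against the documented PE layout (DOS header, PE signature, COFF header, optional header, section table) plus a few triage checks an analyst looks at first (writable-and-executable sections, raw data past end of file, entry point outside every section). The sample image is constructed inline and is not a real executable; the function and field names are mine.

```python
# Added example: minimal PE header parser and static triage checks.
# Not code from PEStudio, CFF Explorer or any other tool listed above.
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_FILE_DLL = 0x2000
MACHINES = {0x014C: "i386", 0x8664: "AMD64", 0x01C4: "ARMNT", 0xAA64: "ARM64"}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)            # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                             # COFF header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry,) = struct.unpack_from("<I", data, opt + 16)         # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                                          # PE32: 32-bit ImageBase at +28
        fmt, (image_base,) = "PE32", struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                        # PE32+: 64-bit ImageBase at +24
        fmt, (image_base,) = "PE32+", struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sections = []
    for i in range(nsec):                                       # 40-byte IMAGE_SECTION_HEADERs
        off = opt + opt_size + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        (sec_chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": rawsize, "raw_pointer": rawptr,
                         "characteristics": sec_chars})
    return {"format": fmt, "machine": MACHINES.get(machine, f"unknown({machine:#x})"),
            "is_dll": bool(chars & IMAGE_FILE_DLL), "timestamp": timestamp,
            "entry_point": entry, "image_base": image_base, "sections": sections}


def triage(pe: dict, file_size: int) -> list:
    """Static red flags of the kind PE triage tools highlight; returns readable findings."""
    findings = []
    if pe["machine"].startswith("unknown"):
        findings.append(f"unrecognised machine type {pe['machine']}")
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    entry_in_section = False
    for s in pe["sections"]:
        if s["characteristics"] & wx == wx:                     # RWX section: packer/unpacker stub
            findings.append(f"section {s['name']} is writable and executable")
        if s["raw_pointer"] + s["raw_size"] > file_size:        # truncated or malformed file
            findings.append(f"section {s['name']} raw data extends past end of file")
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= pe["entry_point"] < s["virtual_address"] + span:
            entry_in_section = True
    if not entry_in_section:
        findings.append(f"entry point {pe['entry_point']:#x} lies outside every section")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32+ image (headers plus two sections, no real code) used only for the demo."""
    buf = bytearray(0x600)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 60, 0x80)                       # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    # Machine=AMD64, 2 sections, timestamp, no symbols, 240-byte optional header, EXE|LARGE_ADDRESS_AWARE
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x8664, 2, 0x5F000000, 0, 0, 240, 0x0022)
    opt = 0x98
    struct.pack_into("<H", buf, opt, 0x20B)                     # PE32+ magic
    struct.pack_into("<I", buf, opt + 16, 0x1010)               # AddressOfEntryPoint inside .text
    struct.pack_into("<Q", buf, opt + 24, 0x140000000)          # ImageBase
    struct.pack_into("<II", buf, opt + 32, 0x1000, 0x200)       # SectionAlignment, FileAlignment
    struct.pack_into("<II", buf, opt + 56, 0x3000, 0x200)       # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", buf, opt + 68, 3)                    # Subsystem: console
    sec = opt + 240
    layout = [(b".text", 0x1000, 0x200, 0x60000020),            # CODE | EXECUTE | READ
              (b".data", 0x2000, 0x400, 0xE0000040)]            # DATA | EXECUTE | READ | WRITE (RWX!)
    for i, (name, va, rawptr, sec_chars) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", buf, sec + 40 * i,
                         name, 0x100, va, 0x200, rawptr, 0, 0, 0, 0, sec_chars)
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample_pe()
    info = parse_pe(sample)
    print(info["format"], info["machine"], hex(info["entry_point"]), hex(info["image_base"]))
    for finding in triage(info, len(sample)):
        print("FINDING:", finding)
```

For real samples you would normally reach for the `pefile` library or the GUI tools above rather than a hand parser; the value of writing it once is knowing which offset each field comes from, so that a tool's "suspicious" flag can be checked against the raw bytes in HxD when a packed or deliberately malformed header makes the parsers disagree.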