
Top 20 Open-source tools for every Blue Teamer


We are going to explore the TOP 20 open source tools that every blue teamer should have:

The Hive




TheHive is a scalable 4-in-1 open-source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs, and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Thanks to Cortex, its free and open-source analysis engine, you can analyze (and triage) observables at scale using more than 100 analyzers.

Its official website: https://thehive-project.org

OSSIM





OSSIM (Open Source Security Information Management) is an open-source security information and event management (SIEM) system that integrates a selection of tools designed to aid network administrators in computer security, intrusion detection, and prevention. AlienVault began selling a commercial derivative of OSSIM (AlienVault Unified Security Management). AlienVault was acquired by AT&T Communications and renamed AT&T Cybersecurity in 2019.

As a SIEM system, OSSIM is intended to give security analysts and administrators a more complete view of all the security-related aspects of their system by combining log management (which can be extended with plugins) and asset management and discovery with information from dedicated information security controls and detection systems. This information is then correlated to create context that is not visible from any one source alone. Alarm and availability views, along with reporting capabilities, round out the tool and its utility to security and systems engineers.

You can download it from here: https://cybersecurity.att.com/products/ossim
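The correlation idea above (an event that is noise on its own becomes an incident when joined with a second source and the asset inventory) is easy to show in a few lines. The following is an added example, not code from the article or from the OSSIM project: it joins constructed IDS alerts (in a Suricata EVE-like shape with made-up signature names) against constructed sshd log lines and a hypothetical asset list, and raises a high-priority incident only when a brute-force alert against a host is followed within five minutes by a successful login on that host from the same source IP.

```python
"""SIEM-style correlation: an IDS alert joined with host auth logs and an asset list."""
import re
from datetime import datetime, timedelta

# Constructed asset inventory (hypothetical hosts, not from the article).
ASSETS = {"10.0.0.5": "host1", "10.0.0.8": "host2"}

# Constructed IDS alerts in a Suricata EVE-like shape; signature names are made up.
IDS_ALERTS = [
    {"ts": "2024-03-01T10:00:05", "src_ip": "203.0.113.7", "dest_ip": "10.0.0.5",
     "signature": "TEST SSH brute force attempt", "severity": 2},
    {"ts": "2024-03-01T10:30:00", "src_ip": "203.0.113.9", "dest_ip": "10.0.0.8",
     "signature": "TEST SSH brute force attempt", "severity": 2},
]

# Constructed sshd log lines from the two hosts.
AUTH_LOGS = [
    "2024-03-01T10:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "2024-03-01T10:00:03 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51023 ssh2",
    "2024-03-01T10:00:09 host1 sshd[1205]: Accepted password for root from 203.0.113.7 port 51030 ssh2",
    "2024-03-01T10:30:02 host2 sshd[2201]: Failed password for admin from 203.0.113.9 port 40001 ssh2",
    "2024-03-01T10:31:00 host2 sshd[2202]: Accepted publickey for deploy from 10.0.0.20 port 40100 ssh2",
]

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ "
    r"for (?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth(lines):
    """Turn raw sshd lines into structured events; lines that do not parse are skipped."""
    events = []
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def correlate(alerts, auth_events, window=timedelta(minutes=5)):
    """Raise an incident when an IDS brute-force alert against a known asset is followed,
    within `window`, by a successful login on that asset from the same source IP."""
    incidents = []
    for alert in alerts:
        alert_ts = datetime.fromisoformat(alert["ts"])
        host = ASSETS.get(alert["dest_ip"])
        if host is None:
            continue  # unknown asset: nothing to join the alert against
        for ev in auth_events:
            if (ev["result"] == "Accepted" and ev["host"] == host
                    and ev["src"] == alert["src_ip"]
                    and timedelta(0) <= ev["ts"] - alert_ts <= window):
                incidents.append({
                    "host": host, "user": ev["user"], "src_ip": ev["src"],
                    "alert": alert["signature"], "login_ts": ev["ts"].isoformat(),
                    "priority": "high",
                })
    return incidents


def run():
    """Correlate the constructed sample data; returns the list of incidents."""
    return correlate(IDS_ALERTS, parse_auth(AUTH_LOGS))


if __name__ == "__main__":
    for incident in run():
        print(incident)
```

Only the first alert produces an incident: host1 saw a successful root login from the alerting source four seconds after the alert. The second alert has a successful login on the same host shortly afterwards, but from an internal address, so the rule stays quiet. Swapping the constructed lists for a real log pipeline is the part a SIEM such as OSSIM does for you.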

The HELK





The Hunting ELK, or simply the HELK, is one of the first open-source hunt platforms with advanced analytics capabilities such as a SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack. This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configuration and scalable infrastructure. The HELK was developed by Roberto Rodriguez (Cyb3rWard0g) under the GPL v3 license. The project was built on the ELK stack together with other helpful tools such as Spark and Kafka.

Nmap




Scanning is one of the required steps in every attacking operation: after gathering information about a target, the next step is scanning. If you are into information security you should have Nmap in your arsenal. Nmap (short for Network Mapper) is the most powerful network scanner. It is free and open-source. It gives you the ability to perform different types of network scans, in addition to other capabilities thanks to the scripts it ships with. You can also write your own NSE scripts.

You can download it from here: https://nmap.org/download.html

Volatility




Memory analysis is widely used in digital investigation and malware analysis. It refers to analyzing a memory image dumped from a targeted machine after the malware has executed, in order to obtain many artifacts including network information, running processes, API hooks, loaded kernel modules, Bash history, etc. Volatility is the most suitable tool for this. It is an open-source project developed by the Volatility Foundation. It can run on Windows, Linux, and macOS. Volatility supports different memory dump formats including dd, LiME, EWF, and many others.

You can download Volatility from here: https://github.com/volatilityfoundation/volatility

Demisto Community Edition



Security Orchestration, Automation, and Response (SOAR) platforms are very effective at avoiding analyst fatigue by automating many repetitive security tasks. One of the best-known platforms is Demisto. The platform also provides many free playbooks.

You can download the community edition from here: https://www.demisto.com/community/

Wireshark



Communication and networking are vital for every modern organization. Making sure that all the networks of the organization are secure is a key mission. The most suitable tool that will help you monitor your network is definitely Wireshark. Wireshark is a free and open-source tool to help you analyze network protocols with deep inspection capabilities. It gives you the ability to perform live packet capturing or offline analysis. It supports many operating systems including Windows, Linux, macOS, FreeBSD, and many more systems.

You can download it from here: https://www.wireshark.org/download.html
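To make the "offline analysis" part concrete, here is an added example that is not code from the article or from the Wireshark project: a small pcap reader that decodes Ethernet, IPv4 and TCP headers by hand and then groups packets into bidirectional conversations, the same view Wireshark offers under Statistics. The capture it reads is constructed inline (a two-packet HTTP exchange with checksums left at zero), so the host names and addresses are sample data, not anything from the article.

```python
"""Offline packet analysis: decode a pcap down to TCP and group it into conversations."""
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4        # magic as read little-endian from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1        # the same magic when the file was written big-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame for the sample capture. IP and TCP
    checksums are left at zero: this is constructed test data, not real traffic."""
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp_hdr) + len(payload),
                         1, 0x4000, 64, IPPROTO_TCP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth_hdr = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
               + struct.pack("!H", ETHERTYPE_IPV4))
    return eth_hdr + ip_hdr + tcp_hdr + payload


def build_pcap(frames):
    """Wrap frames in a little-endian pcap container, one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000, i, len(frame), len(frame)) + frame
    return out


def decode_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP; frames that are not IPv4 return None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    pkt = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
           "proto": ip[9]}
    if pkt["proto"] != IPPROTO_TCP:
        return pkt
    tcp = ip[ihl:total_len]
    pkt["sport"], pkt["dport"] = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4             # TCP header length in bytes
    pkt["flags"] = struct.unpack("!H", tcp[12:14])[0] & 0x01FF
    pkt["payload"] = tcp[data_offset:]
    return pkt


def parse_pcap(data):
    """Walk the pcap records, honouring the file's byte order; returns decoded packets."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a pcap file (unknown magic)")
    link_type = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if link_type != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII",
                                                             data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        pkt = decode_frame(frame)
        if pkt is not None:
            pkt["ts"] = ts_sec + ts_usec / 1_000_000
            packets.append(pkt)
    return packets


def conversations(packets):
    """Group TCP packets by endpoint pair regardless of direction, like Wireshark's
    Statistics -> Conversations view. Returns {(endpoint_a, endpoint_b): packet_count}."""
    counts = {}
    for pkt in packets:
        if pkt["proto"] != IPPROTO_TCP:
            continue
        key = tuple(sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])]))
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed two-packet HTTP exchange between a client and a web server.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "192.0.2.10", 51000, 80, 0x018,
                    b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_tcp_frame("192.0.2.10", "10.0.0.5", 80, 51000, 0x018, b"HTTP/1.1 200 OK\r\n"),
])

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    for p in pkts:
        print(p["src"], p["sport"], "->", p["dst"], p["dport"], p["payload"][:16])
    print(conversations(pkts))
```

The flags value 0x018 is PSH|ACK, the usual setting on segments that carry application data. Feeding the reader a real capture taken with tcpdump works the same way as long as it is a classic pcap (not pcapng) with an Ethernet link type, which is exactly the check the parser refuses to skip.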

Atomic Red Team




Atomic Red Team allows every security team to test their controls by executing simple "atomic tests" that exercise the same techniques used by adversaries (all mapped to MITRE ATT&CK).

Its official website: https://github.com/redcanaryco/atomic-red-team

Caldera




Another threat simulation tool is Caldera.

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project.

Its official website: https://github.com/mitre/caldera

Suricata




Intrusion detection systems are a set of devices or pieces of software that play a huge role in modern organizations in defending against intrusions and malicious activities. The role of network-based intrusion detection systems is to detect network anomalies by monitoring inbound and outbound traffic. One of the most-used IDSs is Suricata. Suricata is an open-source IDS/IPS developed by the Open Information Security Foundation (OISF).

Its official website: https://suricata-ids.org

Zeek 



Zeek is one of the most popular and powerful NIDS. Zeek was previously known as Bro. This network analysis platform is supported by a large community of experts; thus, its documentation is very detailed and good.

Its official website: https://www.zeek.org

OSSEC


OSSEC is a powerful host-based intrusion detection system. It provides Log-based Intrusion Detection (LIDs), Rootkit and Malware Detection, Compliance Auditing, File Integrity Monitoring (FIM) and many other capabilities.

Its official website: https://www.ossec.net

OSQuery




OSQuery is a framework, supported by many operating systems, for performing system analytics and monitoring with simple SQL queries.

Its official website: https://www.osquery.io

FTK Imager




Forensic imaging is a very important task in digital forensics. Imaging means copying the data carefully, ensuring its integrity and leaving out no file, because it is critical to protect the evidence and make sure it is properly handled. That is why there is a difference between normal file copying and imaging: imaging captures the entire drive. When imaging a drive, the analyst images the entire physical volume, including the master boot record. One of the tools used for this is "AccessData FTK Imager".

Its official website: https://accessdata.com/product-download/ftk-imager-version-4-2-0
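The integrity requirement above is what separates an image from a copy: the acquisition hashes every byte as it is read, and the finished image is re-read and hashed independently so any later alteration is caught. The following is an added example, not code from the article or from the FTK Imager product: a chunked acquisition routine that hashes while copying, a verifier, and a demo that images a constructed 4 KiB "drive" (a patterned byte string ending in the 0x55AA boot signature), verifies it, flips one byte, and verifies again. In practice the source would be a block device opened read-only (for instance a path like /dev/sdX, here only a placeholder) rather than the in-memory sample.

```python
"""Forensic imaging with integrity verification: hash while acquiring, re-hash the image."""
import hashlib
import io
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # 1 MiB reads so a large drive never has to fit in memory


def acquire(src, dst, algorithms=("md5", "sha256")):
    """Copy every byte of `src` (an open binary file object, e.g. a block device
    opened read-only) into `dst`, hashing the stream as it passes through.
    Returns (bytes_copied, {algorithm: hexdigest}) for the acquired data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    copied = 0
    while True:
        chunk = src.read(CHUNK_SIZE)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
        dst.write(chunk)
        copied += len(chunk)
    dst.flush()
    return copied, {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, algorithms):
    """Independently re-read the finished image from disk and hash it."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, expected):
    """True only if every hash recorded at acquisition matches the image on disk."""
    return hash_file(path, tuple(expected)) == expected


def demo():
    """Image a constructed 'drive', verify it, tamper with one byte, verify again.
    Returns (bytes_copied, verified_before_tamper, verified_after_tamper)."""
    # Constructed sample drive: 4 KiB of patterned bytes ending in a 0x55AA boot signature.
    fake_drive = (bytes(range(256)) * 16)[:-2] + b"\x55\xaa"
    src = io.BytesIO(fake_drive)  # stands in for a read-only block device such as /dev/sdX (placeholder)
    with tempfile.TemporaryDirectory() as tmp:
        image_path = os.path.join(tmp, "evidence.dd")
        with open(image_path, "wb") as dst:
            size, hashes = acquire(src, dst)
        ok_before = verify_image(image_path, hashes)
        # Flip a single byte in the image; a change this small must still be caught.
        with open(image_path, "r+b") as f:
            f.seek(100)
            original = f.read(1)
            f.seek(100)
            f.write(bytes([original[0] ^ 0xFF]))
        ok_after = verify_image(image_path, hashes)
    return size, ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

Two algorithms are computed in one pass on purpose: recording both MD5 and SHA-256, as imaging tools commonly do, lets a later reviewer verify against whichever digest their tooling supports without re-acquiring the evidence.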

Cuckoo




Malware analysis is the art of determining the functionality, origin, and potential impact of a given malware sample, such as a virus, worm, trojan horse, rootkit, or backdoor. As malware analysts, our main role is to collect all the information about the malicious software and gain a good understanding of what happened to the infected machines. The best-known malware sandbox is Cuckoo.

Its official website: https://cuckoo.sh/blog/

MISP




Malware Information Sharing Platform or simply MISP is an open-source threat sharing platform where analysts collaborate and share information about the latest threats between them. The project was developed by Christophe Vandeplas and it is under GPL v3 license.

Its official website: https://www.misp-project.org

Ghidra




Another great reverse engineering tool is Ghidra. This project is open-source and is maintained by the National Security Agency Research Directorate. Ghidra gives you the ability to analyze different file formats. It supports Windows, Linux, and macOS. You need to install Java in order to run it. The project comes with a lot of helpful and detailed training material, documentation, and cheat sheets. It also gives you the ability to develop your own plugins using Java or Python.

Its official website is: http://ghidra-sre.org

Snort


Another powerful network-based intrusion detection system is Snort. The project is very powerful and has been downloaded more than 5 million times. Thus, it is well documented and supported by a large community of network security experts.

Its official website: https://www.snort.org

Security Onion




If you are looking for a ready-to-use OS that contains many of the previously discussed tools, you can simply download Security Onion. It is a free and open-source Linux distribution for intrusion detection, enterprise security monitoring, and log management.

Its official website: https://github.com/Security-Onion-Solutions/security-onion

AIL FrameWork




The AIL Framework is a modular framework to analyse potential information leaks from unstructured data sources, like pastes from Pastebin or similar services or unstructured data streams. The AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information (e.g. data leak prevention).

The AIL Framework can also be used to create events in MISP and cases in TheHive.