Continuously observing an ongoing attack scenario where Microsoft accounts with SMS Sign-in enabled are being successfully authenticated through the Microsoft “AMC PROD” application without user interaction
#microsoft #attack
This activity is specifically being observed on user accounts that have SMS Sign-in enabled. Has anyone else observed similar unusual behavior on Microsoft accounts with SMS Sign-in enabled, such as unexpected authentication prompts or sign-in codes originating from unusual?
@HirotomoTaguchi “AMC PROD” application appears to be triggered during the BitLocker recovery process or when accessing BitLocker recovery related services. (https://t.co/nXzljeui3H)
Every IR engagement starts the same painful way:
Download KAPE. Remember the flags.
Spin up Velociraptor.
Hunt for the hashing script.
Build a chain-of-custody spreadsheet from scratch.
Write the report template on the fly.
Meanwhile, the attacker has already been in the environment for days.
We built VanGuard to kill that entire tooling nightmare.
VanGuard is a single binary (Windows + Linux) that runs from a USB drive or your local machine — no installation, no dependencies, fully air-gapped.
It consolidates triage, threat hunting, memory forensics, disk collection, remote ops, and reporting into a single, clean, professional TUI.
What makes it different:
→ 28 pre-built IR use cases (ransomware, BEC, lateral movement, credential theft, rootkits) — each with full MITRE ATT&CK mapping
→ Velociraptor as a first-class citizen (server lifecycle, agent deployment, offline collectors — all from one interface)
→ Every artifact dual-hashed (MD5 + SHA256) + HMAC-SHA256 tamper-evident chain of custody
→ One-command HTML incident reports that work completely offline
→ True cross-platform: same binary handles Windows and Linux investigations
We didn’t build this as a product.
We built it because we needed it on real engagements — and as a training aid for practitioners who want to level up their DFIR skills.
👉 Landing page + screenshots: https://t.co/QXM7lJixx9
👉 GitHub: https://t.co/dEmIuEumO6
The investigation methodology behind every VanGuard use case is taught in our Practical Incident Response course — first modules are completely free, no account required:
https://t.co/H7SfwMBpFk
Download it, run it in your lab, and let me know what you think. Star it if it helps. Issues and feedback very welcome 🔥
#DFIR #IncidentResponse #OpenSource #BlueTeam #Velociraptor
🚨 #Phishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t Ignore
Attackers are exploiting a security gap in U.S. businesses. Fake Microsoft, Adobe, and OneDrive pages deliver RMM software instead of payloads, giving attackers direct access to the environment.
⚠️ Because these tools are widely used across enterprises, attackers can establish access before activity is flagged as malicious. Combined with trusted or compromised infrastructure, this delays detection and increases attacker dwell time.
⚡️ #ANYRUN allows teams to safely validate suspicious remote access activity faster, trace the access path, and provide leadership with clearer evidence for containment and follow-up decisions.
👨‍💻 See the analysis session showing how attackers gain remote access through a fake Microsoft Store page delivering an RMM installer disguised as Adobe software: https://t.co/rsOduxm4ee
📌 Learn how to close the blind spot before access turns into impact: https://t.co/VHZeqKzkar
On May 5, Huntress Threat Intel Analyst Casey Smith and special guest @sherrod_im, GM of Global Threat Intel at @MsftSecIntel, are breaking down what happened, why it worked, and how defenders can fight back.
Save your spot for the live event: https://t.co/erN9CJJeXo
#MSPartner
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at https://t.co/bGCIjBfD3C. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
NEW LAB: NavalTech Defense Contractor ⚓
We emulated a North Korean (DPRK) cyber espionage campaign targeting a submarine contractor’s vessel-tracking systems.
Based on CISA’s reporting on DPRK operations to advance military and nuclear programs.
Contributors
@django88_ @svch0st @XintraOrg
Solve it here 👇
https://t.co/3yo41LBhOh
💡 How to Find Open Directories: Portals for Threat Intelligence
https://t.co/YXTzBxmsT3
From a defensive standpoint, open directories represent both a risk and an opportunity. They are often overlooked yet incredibly informative sources of threat intelligence.
Misconfigured directories can leak sensitive material that attackers can later exploit, but they also provide threat hunters with a rich source of real artifacts and infrastructure clues when searching for malicious activity.
What makes open directories especially valuable is the variety of materials they expose:
• DDoS scripts
• PowerShell scripts
• Custom malware and malicious browser extensions
• Backdoors and exploits
• .bash_history files
• Banking trojans
• And much more!
For proactive defenders, open directories are an opportunity to understand adversary behavior and intercept attacks earlier than traditional detection would allow.
Read more on how to find and approach open directories ⬇️
#CyberSecurity #ThreatHunting #OpenDirectories #ThreatIntel