MemNixFS - A new memory forensics tool for Linux memory!
Memory forensics in an easy-to-use virtual file system similar to MemProcFS - but for Linux!
https://t.co/fADZu3vFQ3
Every IR engagement starts the same painful way:
Download KAPE. Remember the flags.
Spin up Velociraptor.
Hunt for the hashing script.
Build a chain-of-custody spreadsheet from scratch.
Write the report template on the fly.
Meanwhile, the attacker has already been in the environment for days.
We built VanGuard to kill that entire tooling nightmare.
VanGuard is a single binary (Windows + Linux) that runs from a USB drive or your local machine — no installation, no dependencies, fully air-gapped.
It consolidates triage, threat hunting, memory forensics, disk collection, remote ops, and reporting into a single, clean, professional TUI.
What makes it different:
→ 28 pre-built IR use cases (ransomware, BEC, lateral movement, credential theft, rootkits) — each with full MITRE ATT&CK mapping
→ Velociraptor as a first-class citizen (server lifecycle, agent deployment, offline collectors — all from one interface)
→ Every artifact dual-hashed (MD5 + SHA256) + HMAC-SHA256 tamper-evident chain of custody
→ One-command HTML incident reports that work completely offline
→ True cross-platform: same binary handles Windows and Linux investigations
We didn’t build this as a product.
We built it because we needed it on real engagements — and as a training aid for practitioners who want to level up their DFIR skills.
👉 Landing page + screenshots: https://t.co/QXM7lJixx9
👉 GitHub: https://t.co/dEmIuEumO6
The investigation methodology behind every VanGuard use case is taught in our Practical Incident Response course — first modules are completely free, no account required:
https://t.co/H7SfwMBpFk
Download it, run it in your lab, and let me know what you think. Star it if it helps. Issues and feedback very welcome 🔥
#DFIR #IncidentResponse #OpenSource #BlueTeam #Velociraptor
🚨 FREE CERT ALERT: The Junior Vibe Pentester (JVP) certification is currently $0 (was $50).
🛡️ Use code: Free50
🔗 Get it here: https://t.co/hPrNVJzKqW
Go get those labs!
#InfoSec #CyberSecurity #BugBounty