Home
CERTitude is a Python-based tool that aims to assess the compromised perimeter during incident response assignments. It allows analysts to perform large-scale scans of Windows-based information systems by searching for behavioral patterns described in IOC (Indicator of Compromise) files. The tool is currently composed of two main components:
- The Python Flask-based web interface, used to configure the scans and visualize their results;
- The scanner that connects to remote targets and runs the search for IOCs.
CERTitude is an open-source tool developed by CERT-Wavestone. It is provided free of charge, but user support is only provided on a best-effort basis.
CERTitude is compatible with a wide range of target Windows operating systems, from XP / 2003 to Windows 10 / Server 2016. Though CERTitude can be run from a Linux host, it is only fully supported on Windows as some features may not be implemented on Linux.
- Address current "bug" issues
- Add new collect modules
- Support for Yara Rules scan
- Address current "enhancement" issues
- Refactor code
- Support for Unix targets
- Interface with LAPS?
Copyright © Wavestone 2017