Imagine the moment when you realize that a malicious threat actor has compromised your network and is currently going through your confidential information. Faced with this dreadful scenario, you initiate an Incident Response.
We have built an open source Incident Response framework based on PowerShell to help security investigation responders gather a vast number of key artifacts without installing any agent on the endpoints, thus saving precious time.
Our goal is to provide a community-driven, scalable platform allowing Incident Response teams across the world to hunt efficiently from the onset of an incident, without needing to develop ad hoc tools or waste time installing an agent on every endpoint when the incident occurs. We aim to present complex data in an understandable format, thereby allowing investigators to respond as quickly as possible.
At a time when malicious threat actors could have breached your network in multiple ways and left backdoors in the most inconspicuous locations, how fast would you want them found when every second counts?
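To make the agentless approach described above concrete, the following is an added example written for this page; it is not the framework's own code. It uses PowerShell Remoting (Invoke-Command over WinRM) to pull a handful of persistence and activity artifacts from several endpoints at once, with nothing installed on them, and writes one CSV per artifact type so results can be stacked across hosts. It assumes WinRM is enabled on the targets and that the caller holds local administrator rights there; the host names and output directory are constructed placeholders.

```powershell
# Added example (not the project's code): agentless artifact collection over
# PowerShell Remoting. Assumes WinRM is enabled on the targets and the caller
# is a local administrator there. Host names below are constructed placeholders.
param(
    [string[]]$ComputerName = @('WKS-001', 'WKS-002'),
    [string]$OutputDir = (Join-Path $env:TEMP 'ir-collect')
)

New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null

# Everything inside this script block runs on the remote host; only the
# resulting objects travel back over the session, so nothing is left behind.
$collector = {
    $h   = $env:COMPUTERNAME
    $now = Get-Date

    # Persistence: Run/RunOnce keys (machine hive and the remoting user's hive)
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $runKeys) {
        if (Test-Path $k) {
            $props = Get-ItemProperty -Path $k
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... metadata properties
                if ($p.Name -notmatch '^PS') {
                    [pscustomobject]@{ Host = $h; Artifact = 'AutorunKey'
                                       Name = "$k\$($p.Name)"; Value = $p.Value; Collected = $now }
                }
            }
        }
    }

    # Persistence: scheduled tasks, flattened to "executable arguments" per action
    Get-ScheduledTask | ForEach-Object {
        $t = $_
        $actions = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Host = $h; Artifact = 'ScheduledTask'
                           Name = "$($t.TaskPath)$($t.TaskName)"; Value = $actions; Collected = $now }
    }

    # Persistence: services and the binary path each one launches
    Get-CimInstance Win32_Service | ForEach-Object {
        [pscustomobject]@{ Host = $h; Artifact = 'Service'
                           Name = $_.Name; Value = $_.PathName; Collected = $now }
    }

    # Activity: running processes with their full command lines
    Get-CimInstance Win32_Process | ForEach-Object {
        [pscustomobject]@{ Host = $h; Artifact = 'Process'
                           Name = "$($_.ProcessId) $($_.Name)"; Value = $_.CommandLine; Collected = $now }
    }

    # Activity: established TCP connections mapped to the owning PID
    Get-NetTCPConnection -State Established | ForEach-Object {
        [pscustomobject]@{ Host = $h; Artifact = 'TcpConnection'
                           Name = "$($_.OwningProcess)"
                           Value = "$($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$($_.RemotePort)"
                           Collected = $now }
    }
}

# Fan out to all hosts in parallel; a failure on one host does not stop the rest.
$results = Invoke-Command -ComputerName $ComputerName -ScriptBlock $collector -ErrorAction Continue

# One CSV per artifact type, so the same value can be compared across hosts
# (an identical unusual Run key or service path on many machines stands out).
$results | Group-Object Artifact | ForEach-Object {
    $_.Group | Select-Object Host, Artifact, Name, Value, Collected |
        Export-Csv -NoTypeInformation -Path (Join-Path $OutputDir "$($_.Name).csv")
}

Write-Host "Collected $($results.Count) records from $($ComputerName.Count) host(s) into $OutputDir"
```

Run it from an analyst workstation that already has a remoting session allowed to the targets; the script block returns only data objects, and the CSV split by artifact type is what makes cross-host stacking (sorting by Value and looking at the rare entries) quick during the first hours of an incident.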