Curated utilities grouped by category. Keep it practical.
Velociraptor
Endpoint visibility and artifact collection at scale (DFIR and threat hunting).
KAPE
Targeted forensic collection and processing framework.
Capa
Identify capabilities in malware binaries using rules.
Ghidra
Software reverse engineering suite.
Sigma
Generic detection rule format that can be converted to SIEM queries.
Wireshark
Packet capture and protocol analysis.
Zeek
Network security monitor that produces rich, structured protocol logs.
Maltego
Link analysis and visualization for OSINT investigations.
Sysmon
Windows system monitoring via rich event telemetry.