Yamato Security is a security group created by Zach Mathis (@yamatosecurity) in 2012. At first, the main purpose was to provide security training to build a local security community in Western Japan but has grown to provide training, CTF events, webinars, etc... across the country for thousands of people.
Now, with a group of volunteer members, we are providing free open source DFIR tools such as Hayabusa, WELA, Takajo, Suzaku, etc...
Please contact us if you want to help out and contribute.
- Hayabusa - (隼) A sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
- Takajo - (鷹匠) An analyzer for Hayabusa results.
- Suzaku - (朱雀) A sigma-based threat hunting and fast forensics timeline generator for cloud logs.
- WELA - ゑ羅(ウェラ)(Windows Event Log Auditor): An auditing and configuration tool for Windows event logs.
- Yamato Security's Windows Event Log Configuration Guide For DFIR And Threat Hunting - Documentation for how to configure proper Windows audit log settings and which categories and Event IDs are important to monitor.
- Presentations - Presentations in English and Japanese.