
fireeye / Flare Wmi

Licence: apache-2.0

Programming Languages

python

Projects that are alternatives of or similar to Flare Wmi

ManTraNet-pytorch
Implementation of the famous Image Manipulation\Forgery Detector "ManTraNet" in Pytorch
Stars: ✭ 47 (-85.36%)
Mutual labels:  forensics
dcfldd
Enhanced version of dd for forensics and security
Stars: ✭ 27 (-91.59%)
Mutual labels:  forensics
Recuperabit
A tool for forensic file system reconstruction.
Stars: ✭ 280 (-12.77%)
Mutual labels:  forensics
macOS-triage
macOS triage is a python script to collect various macOS logs, artifacts, and other data.
Stars: ✭ 20 (-93.77%)
Mutual labels:  forensics
git-forensics-plugin
Jenkins plug-in that mines and analyzes data from a Git repository
Stars: ✭ 19 (-94.08%)
Mutual labels:  forensics
WiFi-Project
Pre-connection attacks, gaining access & post-connection attacks on WEP, WPA & WPA2. 🛰✔️
Stars: ✭ 22 (-93.15%)
Mutual labels:  forensics
ir scripts
incident response scripts
Stars: ✭ 17 (-94.7%)
Mutual labels:  forensics
Hackdroid
Android Apps, Roms and Platforms for Pentesting
Stars: ✭ 310 (-3.43%)
Mutual labels:  forensics
ImageSplicingDetection
Illuminant inconsistencies for image splicing detection in forensics
Stars: ✭ 36 (-88.79%)
Mutual labels:  forensics
Free Security Ebooks
Free Security and Hacking eBooks
Stars: ✭ 3,132 (+875.7%)
Mutual labels:  forensics
bootcode parser
A boot record parser that identifies known good signatures for MBR, VBR and IPL.
Stars: ✭ 91 (-71.65%)
Mutual labels:  forensics
lsrootkit
Rootkit Detector for UNIX
Stars: ✭ 53 (-83.49%)
Mutual labels:  forensics
bits parser
Extract BITS jobs from QMGR queue and store them as CSV records
Stars: ✭ 64 (-80.06%)
Mutual labels:  forensics
mini-kali
Docker image for hacking
Stars: ✭ 15 (-95.33%)
Mutual labels:  forensics
Meerkat
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
Stars: ✭ 284 (-11.53%)
Mutual labels:  forensics
truehunter
Truehunter
Stars: ✭ 30 (-90.65%)
Mutual labels:  forensics
rair-core
RAIR: RAdare In Rust
Stars: ✭ 63 (-80.37%)
Mutual labels:  forensics
Ir Rescue
A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (-3.12%)
Mutual labels:  forensics
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1320.87%)
Mutual labels:  forensics
wipedicks
Wipe files and drives securely with random ASCII dicks
Stars: ✭ 94 (-70.72%)
Mutual labels:  forensics

flare-wmi

This repository contains various documentation and code projects that describe the Windows Management Instrumentation (WMI) technology. The research was first introduced at Defcon 23 in 2015, and the associated slides are available here: DEFCON_23-WMI-Attacks-Defense-Forensics.pdf.

python-cim (active development)

python-cim is a pure Python parser for the WMI repository database. It supports read access to WMI structures via a flexible API. You can use the provided "sample" scripts to dump persistence locations, identify commonly executed software, timeline activity, and recover deleted data.

WMIParser (unmaintained)

WMIParser is a forensic parser for the WMI repository database files that can extract FilterToConsumerBindings that malicious actors have hijacked. The parser is written in C.

WMI-IDS (unmaintained)

WMI-IDS is a proof-of-concept agent-less host intrusion detection system designed to showcase the unique ability of WMI to react to operating system events in real time. WMI-IDS is a PowerShell module that serves as an installer of WMI events on a local or remote system.
