mandiant / flare-wmi

License: Apache-2.0
No description or website provided.

Programming Languages

C++
36643 projects - #6 most used programming language
python
139335 projects - #7 most used programming language
powershell
5483 projects
c
50402 projects - #5 most used programming language

Projects that are alternatives of or similar to flare-wmi

Whatsdump
Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)
Stars: ✭ 198 (-50.38%)
Mutual labels:  forensics
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+1916.54%)
Mutual labels:  forensics
Judge-Jury-and-Executable
A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power and syntax of SQL.
Stars: ✭ 66 (-83.46%)
Mutual labels:  forensics
Forensic Tools
A collection of tools for forensic analysis
Stars: ✭ 204 (-48.87%)
Mutual labels:  forensics
Invtero.net
inVtero.net: a high-speed (Gbps) memory forensics, integrity and assurance tool. Includes offensive and defensive memory capabilities. Finds and extracts processes and hypervisors (including nested ones) in memory dumps using microarchitecture-independent Virtual Machine Introspection techniques.
Stars: ✭ 237 (-40.6%)
Mutual labels:  forensics
CCXDigger
The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-88.72%)
Mutual labels:  forensics
Ctf Tools
Useful CTF Tools
Stars: ✭ 190 (-52.38%)
Mutual labels:  forensics
marcellelee.github.io
No description or website provided.
Stars: ✭ 27 (-93.23%)
Mutual labels:  forensics
Adtimeline
Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (-36.84%)
Mutual labels:  forensics
DFIR Resources REvil Kaseya
Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack
Stars: ✭ 172 (-56.89%)
Mutual labels:  forensics
Blackhat Arsenal Tools
Official Black Hat Arsenal Security Tools Repository
Stars: ✭ 2,639 (+561.4%)
Mutual labels:  forensics
Radare2
UNIX-like reverse engineering framework and command-line toolset
Stars: ✭ 15,412 (+3762.66%)
Mutual labels:  forensics
PowerEvents
PowerEvents is a PowerShell module that assists in the registration of WMI permanent event subscriptions.
Stars: ✭ 60 (-84.96%)
Mutual labels:  wmi
Fatcat
Tool to explore, extract from, repair, and forensically analyze FAT filesystems
Stars: ✭ 201 (-49.62%)
Mutual labels:  forensics
CRC-manipulator
Change CRC checksums of your files.
Stars: ✭ 73 (-81.7%)
Mutual labels:  forensics
Pypowershellxray
Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (-51.88%)
Mutual labels:  forensics
demuxusb
A program and toolset to analyze iDevice USB sessions
Stars: ✭ 25 (-93.73%)
Mutual labels:  forensics
cora-docs
CoRA Docs
Stars: ✭ 36 (-90.98%)
Mutual labels:  forensics
LogESP
Open Source SIEM (Security Information and Event Management system).
Stars: ✭ 162 (-59.4%)
Mutual labels:  forensics
Packrat
Live system forensic collector
Stars: ✭ 16 (-95.99%)
Mutual labels:  forensics

flare-wmi

This repository contains various documentation and code projects that describe the Windows Management Instrumentation (WMI) technology. The research was first introduced at Defcon 23 in 2015, and the associated slides are available here: DEFCON_23-WMI-Attacks-Defense-Forensics.pdf.

python-cim (active development)

python-cim is a pure Python parser for the WMI repository database. It supports read access to WMI structures via a flexible API. You can use the provided "sample" scripts to dump persistence locations, identify commonly executed software, timeline activity, and recover deleted data.

WMIParser (unmaintained)

WMIParser is a forensic parser for the WMI repository database files that can extract FilterToConsumerBindings that malicious actors have hijacked. The parser is written in C.

WMI-IDS (unmaintained)

WMI-IDS is a proof-of-concept agent-less host intrusion detection system designed to showcase the unique ability of WMI to respond to operating system events in real time. WMI-IDS is a PowerShell module that serves as an installer of WMI event subscriptions on a local or remote system.