MemProcFS-Analyzer: MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
Stars: ✭ 89 (+270.83%)
yara-rules: Yara rules written by me, for free use.
Stars: ✭ 13 (-45.83%)
Malice: VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+5120.83%)
Pe Sieve: Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Stars: ✭ 1,783 (+7329.17%)
malhunt: Hunt malware with Volatility
Stars: ✭ 30 (+25%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (+220.83%)
Malcom: Malcom - Malware Communications Analyzer
Stars: ✭ 988 (+4016.67%)
Cirtkit: Tools for the Computer Incident Response Team 💻
Stars: ✭ 117 (+387.5%)
optlib: A library for financial options pricing written in Python.
Stars: ✭ 166 (+591.67%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-8.33%)
fame modules: Community modules for FAME
Stars: ✭ 55 (+129.17%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (+75%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems.
Stars: ✭ 260 (+983.33%)
yara: Malice Yara Plugin
Stars: ✭ 27 (+12.5%)
pyOptionPricing: Option pricing based on Black-Scholes processes, Monte-Carlo simulations with Geometric Brownian Motion, historical volatility, implied volatility, Greeks hedging
Stars: ✭ 190 (+691.67%)
autoVolatility: Run several Volatility plugins at the same time
Stars: ✭ 63 (+162.5%)
Anti-Debugging: A collection of C++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 297 (+1137.5%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-4.17%)
malwinx: Just a normal Flask web app to understand win32api with code snippets and references.
Stars: ✭ 76 (+216.67%)
Vol3xp: Volatility Explorer Suite
Stars: ✭ 31 (+29.17%)
AUCR: Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (+0%)
Splunk-ETW: A Splunk Technology Add-on to forward filtered ETW events.
Stars: ✭ 26 (+8.33%)
Evilize: Parses Windows event log files based on the SANS poster
Stars: ✭ 24 (+0%)
binlex: A Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (+1162.5%)
Docker-Templates: Docker configurations for TheHive, Cortex and 3rd party tools
Stars: ✭ 71 (+195.83%)
DDTTX: DDTTX Tabletop Trainings
Stars: ✭ 22 (-8.33%)
Get-NetworkConnection: Edited version of Lee Christensen's Get-NetworkConnection which includes a timestamp for each network connection
Stars: ✭ 34 (+41.67%)
REW-sploit: Emulate and Dissect MSF and *other* attacks
Stars: ✭ 115 (+379.17%)
vminspect: Tools for inspecting disk images
Stars: ✭ 25 (+4.17%)
impfuzzy: Fuzzy hash calculated from the import API of PE files
Stars: ✭ 67 (+179.17%)
Practical Malware Analysis: Materials for a course based on the Practical Malware Analysis text by Andrew Honig and Michael Sikorski
Stars: ✭ 16 (-33.33%)
yara-validator: Validates yara rules and tries to repair the broken ones.
Stars: ✭ 37 (+54.17%)
xray: Hex-Rays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions
Stars: ✭ 97 (+304.17%)
malware-writeups: Personal research and publications on malware families
Stars: ✭ 104 (+333.33%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (+33.33%)
CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on OSS tools/libraries
Stars: ✭ 122 (+408.33%)
rtfraptor: Extract OLEv1 objects from RTF files by instrumenting Word
Stars: ✭ 50 (+108.33%)
UnAutoIt: The Cross-Platform AutoIt Extractor
Stars: ✭ 90 (+275%)
catalyst: Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
Stars: ✭ 91 (+279.17%)
quincy: Implementation of the DIMVA 2017 publication "Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps"
Stars: ✭ 66 (+175%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (+108.33%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+833.33%)
PSTrace: Trace ScriptBlock execution for PowerShell v2
Stars: ✭ 38 (+58.33%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (+66.67%)
decrypticon: Java-layer Android Malware Simplifier
Stars: ✭ 17 (-29.17%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+558.33%)
xLogger: Simple Windows API logger
Stars: ✭ 62 (+158.33%)
Queries: SQLite queries
Stars: ✭ 57 (+137.5%)
stringsifter: A machine learning tool that ranks strings based on their relevance for malware analysis.
Stars: ✭ 567 (+2262.5%)
malware-persistence: Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (+354.17%)
SuperLibrary: Information Security Library
Stars: ✭ 60 (+150%)
assemblyline client: Python client for Assemblyline 3 and 4
Stars: ✭ 19 (-20.83%)