0xThiebaut / Signatures
π§ Currently transfering TLP:CLEAR rules from TLP:AMBER repository...
β22Updated 5 months ago
Related projects: β
- Defeating Anti-Debugging Techniques for Malware Analysisβ13Updated last year
- Identifies metadata of .NET binary files.β21Updated 5 months ago
- Tools for offensive security of NetBackup infrastructuresβ38Updated last year
- Automatically spider the result set of a Censys/Shodan search and download all files where the file name or folder path matches a regex.β27Updated last year
- Collection of generic YARA rulesβ14Updated 3 months ago
- β22Updated 9 months ago
- Static Decryptor for IcedID Malwareβ18Updated last year
- Registry hive parsing the async wayβ18Updated 2 weeks ago
- Yara Rules for Modern Malwareβ68Updated 6 months ago
- β16Updated this week
- Reads and prints information from the website MalAPI.ioβ19Updated 2 years ago
- Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testingβ21Updated last year
- The repository accompanying the Buer Emulation workshopβ23Updated 3 years ago
- Here are some of my malware reversing papers that I will be publishingβ30Updated 2 years ago
- β26Updated last month
- Configuration Extractors for Malwareβ51Updated 2 weeks ago
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablinβ¦β42Updated last year
- β31Updated 2 years ago
- Small visualizator for PE filesβ66Updated 11 months ago
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes.β56Updated 11 months ago
- A proof-of-concept re-assembler for reverse VNC traffic.β24Updated last year
- A collection of Tools and Rules for decoding Brute Ratel C4 badgersβ61Updated 2 years ago
- This is a little plugin to copy disassembly in a way that is usable in YARA rules!β30Updated last year
- Extension functionality for the NightHawk operator clientβ26Updated 10 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.ioβ77Updated 7 months ago
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is execβ¦β19Updated 2 years ago
- β21Updated last year
- Golang bindings for PE-sieveβ40Updated 10 months ago
- bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security profesβ¦β47Updated last year
- Reverse Engineering and Debugging Malwareβ28Updated last year