4n6ist / usn_analytics
It's not just UsnJrnl (USN Journal Records/Change Journal Records) parser.
☆23Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for usn_analytics
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆40Updated 6 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- NTFS parser, plus linking capabilites between MFT LogFile and UsnJrnl☆36Updated 8 years ago
- TA505 unpacker Python 2.7☆46Updated 4 years ago
- Analysis PE file or Shellcode☆48Updated 8 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- Modified edition of cuckoomon☆48Updated 6 years ago
- QEMU with rVMI extensions☆25Updated 7 years ago
- Network detector for Winnti malware☆20Updated 6 years ago
- A Maltego transform for VirusTotal Submitter Information☆31Updated 5 years ago
- Binary commandline executable to parse ETL files☆67Updated 6 years ago
- Emulates the Sysinternals Autoruns tool, but for DFIR purposes e.g. multi user processing☆53Updated 5 years ago
- This repository regroups the Yara Rules for the Unprotect Project☆25Updated 4 years ago
- a modified version base on Tracecorn☆20Updated 5 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Updated 5 years ago
- threadmap plugin for Volatility Foundation☆27Updated 3 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆37Updated last year
- Recover event log entries from an image by heurisitically looking for record structures.☆27Updated 9 years ago
- Script to parse Process Monitor XML log file, and give you a summary report.☆23Updated 8 years ago
- Trace ScriptBlock execution for powershell v2☆39Updated 4 years ago
- Telsy CTI Research Team☆57Updated 3 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 6 years ago
- ☆41Updated 6 years ago
- Parses the WMI object database....looking for persistence☆31Updated 4 years ago
- Volatility Framework plugin to detect various types of hooks as performed by banking Trojans☆40Updated 5 years ago
- IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.☆18Updated 6 years ago
- Rekall Forensics and Incident Response Framework with rVMI extensions☆33Updated 3 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year