BitsOfBinary / ghidra-scripts
My collection of scripts for Ghidra (https://github.com/NationalSecurityAgency/ghidra)
☆10Updated 4 years ago
Alternatives and similar repositories for ghidra-scripts:
Users that are interested in ghidra-scripts are comparing it to the libraries listed below
- Carve files for MFT entries (eg. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if re…☆21Updated 5 years ago
- Steezy - Ghetto Yara Generation☆15Updated 2 years ago
- ☆71Updated last year
- Generates YARA rules to detect malware using API hashing☆17Updated 4 years ago
- Python 3 - Manipulation and conversation with different data type (Bytes operations)☆26Updated 3 years ago
- ☆36Updated 5 years ago
- ☆15Updated 2 years ago
- Parse Microsoft shim databases☆30Updated 3 months ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆44Updated 3 years ago
- A set of tools for collecting forensic information☆26Updated 5 years ago
- ☆18Updated 4 years ago
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆22Updated 3 years ago
- Imphash-like calculation on Golang binaries☆49Updated 2 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆60Updated 8 months ago
- ☆33Updated 3 years ago
- ☆47Updated 5 years ago
- Windows Event Log Knowledge Base☆23Updated 6 months ago
- The Multiplatform Linux Sandbox☆15Updated last year
- Function ID for Malware Analysis☆11Updated 4 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆53Updated 2 years ago
- Maltego transforms to pivot between PE files based on their VirusTotal codeblocks☆18Updated 3 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Scripts, Yara rules and other files developed during malware investigations☆25Updated 2 years ago
- ☆54Updated 6 months ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks☆64Updated 3 years ago
- Scripts to aid analysis of files obfuscated with ScatterBee.☆20Updated 2 years ago
- This is a repository for the public blog with Labs indicators of compromise and code☆18Updated 5 years ago
- SPI flash read MitM attack PoC☆37Updated 2 years ago
- docker-compose to deploy CTFd w/ ghidragolf configurations☆12Updated 2 years ago
- ☆23Updated 5 years ago