DidierStevens / AdHoc
AdHoc solutions
☆48Updated last year
Related projects: ⓘ
- Simple PowerShell script to enable process scanning with Yara.☆86Updated last year
- Triaging Windows event logs based on SANS Poster☆37Updated last year
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆61Updated 2 years ago
- ☆47Updated 4 years ago
- ☆36Updated this week
- Yara Rules for Modern Malware☆68Updated 6 months ago
- ☆34Updated last year
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆59Updated 2 years ago
- Lazarus analysis tools and research report☆54Updated 8 months ago
- subTee gists code backups☆38Updated 6 years ago
- This is a repository that is meant to hold detections for various process injection techniques.☆32Updated 4 years ago
- runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base…☆34Updated last year
- Modular malware analysis artifact collection and correlation framework☆49Updated 4 months ago
- BloodCheck enables Red and Blue Teams to manage multiple Neo4j databases and run Cypher queries against a BloodHound dataset.☆17Updated 3 years ago
- ☆41Updated 2 years ago
- A set of tools for collecting forensic information☆24Updated 4 years ago
- ☆37Updated 2 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆72Updated 2 years ago
- Generate YARA rules for OOXML documents.☆37Updated last year
- Specialized tool to dump Position Independent Code.☆21Updated 4 years ago
- Unpacking and decryption tools for the Emotet malware☆46Updated 2 years ago
- Kerberos laboratory to better understand and then detecting attack on kerberos☆67Updated 3 years ago
- ☆39Updated this week
- A module for CME that spiders across a domain.☆35Updated 2 years ago
- Repository for LNK stuff☆27Updated 2 years ago
- ☆15Updated 3 years ago
- ☆35Updated this week
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆57Updated last year
- ☆130Updated this week
- VBScript & VBA source-to-source deobfuscator with partial-evaluation☆72Updated last month