ETW forensic tool for Volatility3 plugin
☆17Nov 15, 2024Updated last year
Alternatives and similar repositories for etw-scan
Users that are interested in etw-scan are comparing it to the libraries listed below
Sorting:
- ☆11Dec 9, 2025Updated 3 months ago
- Generate Volatility3 profiles from BTF.☆31Dec 21, 2024Updated last year
- Windows symbol tables for Volatility 3☆93Jul 11, 2024Updated last year
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 9 months ago
- An efficient tool for extracting files, directories, and alternate data streams directly from NTFS image files.☆22Mar 12, 2026Updated last week
- A collection of content for blue team professionals, designed to support both reactive and proactive cybersecurity measures of every aspe…☆33Oct 24, 2025Updated 4 months ago
- Invanti VPN Vulnerabilities for Jan - Feb 2024 - Links to Keep it all Organized☆16Feb 15, 2024Updated 2 years ago
- USN Journal full path builder☆67Sep 16, 2024Updated last year
- Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.☆29Sep 29, 2025Updated 5 months ago
- rpv-web is a browser based frontend for the rpv library☆27Nov 21, 2025Updated 4 months ago
- A curated list of Hardware Hacking resources☆12Apr 14, 2020Updated 5 years ago
- r2con 2020 CTF kernel challenge☆12Sep 13, 2020Updated 5 years ago
- Carve file metadata from NTFS index ($I30) attributes☆71Feb 3, 2024Updated 2 years ago
- A simple apple crash report parser for rust☆26Mar 4, 2026Updated 2 weeks ago
- Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family.☆32Jun 28, 2013Updated 12 years ago
- F5 Service Password Decryption☆29Jul 31, 2025Updated 7 months ago
- Archive of challenges @ Flatt Security Mini CTFs☆19Aug 20, 2025Updated 7 months ago
- rpv is a v library for analyzing RPC servers and interfaces on the Windows operating system☆38Nov 21, 2025Updated 4 months ago
- Dreg's setup for lldb reversing. The simplest and easiest possible, without scripting. lldb debugging setup.☆14May 2, 2024Updated last year
- An open-source, cross-platform application for Acorn ADFS and DFS disc image manipulation☆14Apr 10, 2018Updated 7 years ago
- ☆12Jun 3, 2022Updated 3 years ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- Released alongside with a talk at REcon 2023, TheRestarter is an interactive command-line tool is designed to interact with the Windows …☆15Jun 8, 2023Updated 2 years ago
- CVE-2025-22457: Python Exploit POC Scanner to Detect Ivanti Connect Secure RCE☆19Apr 17, 2025Updated 11 months ago
- A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion.☆65Aug 6, 2025Updated 7 months ago
- Stand-alone copy of Androguard from http://code.google.com/p/androguard/☆16Mar 13, 2014Updated 12 years ago
- Wrapper for TSK (Sleuth Kit) Bindings☆12Jan 10, 2023Updated 3 years ago
- User-friendly reference finder in IDA☆39Dec 17, 2022Updated 3 years ago
- Tool to start processes as SYSTEM using token duplication☆37Oct 27, 2020Updated 5 years ago
- Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays☆56Feb 17, 2026Updated last month
- Tools once available from McAfee but are no longer☆13May 9, 2024Updated last year
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- Active C2 IoCs☆99Nov 28, 2022Updated 3 years ago
- A Simple CLI App to mark all EXCEL sheets visible (i.e. sets "Very Hidden" and "Hidden" to "Visible")☆11Apr 16, 2020Updated 5 years ago
- ☆15May 3, 2024Updated last year
- REplicated STORagE☆13Mar 23, 2023Updated 3 years ago
- DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with built-in process inspect…☆213Updated this week
- This is the LLM integration app that contains the vulnerability; please use it to verify the vulnerability of the LLM integration app.☆74Oct 1, 2025Updated 5 months ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 5 months ago