Matmaus / LnkParse3Links
Windows Shortcut file (LNK) parser
☆93Updated 2 months ago
Alternatives and similar repositories for LnkParse3
Users that are interested in LnkParse3 are comparing it to the libraries listed below
Sorting:
- ☆106Updated last year
- Repository of Yara Rules☆111Updated 2 months ago
- Windows symbol tables for Volatility 3☆87Updated 11 months ago
- Dump quarantined files from Windows Defender☆64Updated 3 years ago
- Powershell script deobfuscation using AST in Python☆68Updated last year
- YARA rule analyzer to improve rule quality and performance☆102Updated 2 months ago
- YARA Language Server☆71Updated 3 weeks ago
- runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base…☆36Updated 2 years ago
- $MFT directory tree reconstruction & FILE record info☆306Updated 8 months ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆116Updated 2 years ago
- Windows Registry Knowledge Base☆176Updated 8 months ago
- Elastic Security Labs releases☆68Updated last week
- Carve file metadata from NTFS index ($I30) attributes☆66Updated last year
- Native Python3 bindings for @horsicq's Detect-It-Easy☆71Updated last month
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆79Updated last month
- A ProcessMonitor visualization application written in rust.☆181Updated last year
- A guide on how to write fast and memory friendly YARA rules☆144Updated 4 months ago
- Rules Shared by the Community from 100 Days of YARA 2023☆77Updated 2 years ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆83Updated last year
- Volatility Symbol Generator for Linux Kernels☆35Updated last year
- Use YARA rules on Time Travel Debugging traces☆91Updated last year
- Rules shared by the community from 100 Days of YARA 2024☆85Updated 5 months ago
- ☆250Updated last year
- PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs…☆193Updated last year
- Manipulate timestamps on NTFS☆52Updated 10 years ago
- capemon: CAPE's monitor☆123Updated 2 weeks ago
- Volatility3 plugins developed and maintained by the community☆59Updated 2 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆118Updated 5 months ago
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago
- Multi-quarantine extractor☆47Updated last month