R3MRUM / PSDecode

Related projects: ⓘ

• danielbohannon / Revoke-Obfuscation
  PowerShell Obfuscation Detection Framework
  ☆719Updated 9 months ago
• JPCERTCC / ToolAnalysisResultSheet
  Tool Analysis Result Sheet
  ☆342Updated 6 years ago
• DissectMalware / XLMMacroDeobfuscator
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆568Updated 4 months ago
• ANSSI-FR / bmc-tools
  RDP Bitmap Cache parser
  ☆463Updated 9 months ago
• davidpany / WMI_Forensics
  ☆293Updated 4 years ago
• travisfoley / dfirtriage
  Digital forensic acquisition tool for Windows based incident response.
  ☆328Updated 4 months ago
• mandiant / SilkETW
  ☆722Updated last year
• mandiant / ShimCacheParser
  ☆271Updated last year
• danielbohannon / Invoke-CradleCrafter
  PowerShell Remote Download Cradle Generator & Obfuscator
  ☆817Updated 6 years ago
• felixweyne / imaginaryC2
  Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …
  ☆444Updated last year
• mandiant / flare-wmi
  ☆415Updated last year
• InQuest / yara-rules
  A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.
  ☆360Updated 2 years ago
• JPCERTCC / MalConfScan
  Volatility plugin for extracts configuration data of known malware
  ☆480Updated 8 months ago
• CERT-Polska / mquery
  YARA malware query accelerator (web frontend)
  ☆407Updated this week
• chenerlich / FCL
  FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
  ☆463Updated 3 years ago
• StrangerealIntel / CyberThreatIntel
  Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
  ☆697Updated last year
• mikesxrs / Open-Source-YARA-rules
  YARA Rules I come across on the internet
  ☆327Updated 5 months ago
• mitre-attack / attack-arsenal
  A collection of red team and adversary emulation resources developed and released by MITRE.
  ☆490Updated 3 years ago
• sbousseaden / Slides
  Misc Threat Hunting Resources
  ☆368Updated last year
• beahunt3r / Windows-Hunting
  ☆344Updated 3 years ago
• leechristensen / UnmanagedPowerShell
  Executes PowerShell from an unmanaged process
  ☆466Updated 8 years ago
• nbeede / BoomBox
  Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
  ☆232Updated last year
• MHaggis / sysmon-dfir
  Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
  ☆895Updated 9 months ago
• mandiant / DueDLLigence
  ☆461Updated last year
• ubeeri / Invoke-UserSimulator
  Simulates common user behaviour on local and remote Windows hosts.
  ☆281Updated 6 years ago
• samratashok / Deploy-Deception
  A PowerShell module to deploy active directory decoy objects.
  ☆220Updated 4 years ago
• TonyPhipps / Meerkat
  A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.
  ☆433Updated 3 months ago
• volatilityfoundation / community
  Volatility plugins developed and maintained by the community
  ☆339Updated 3 years ago
• carbonblack / tau-tools
  A repo containing tools developed by Carbon Black's Threat Research Team: Threat Analysis Unit
  ☆228Updated 3 years ago
• advanced-threat-research / Yara-Rules
  Repository of YARA rules made by Trellix ATR Team
  ☆560Updated 8 months ago