R3MRUM / loki-parse
A Python script that detects and parses Loki-Bot (malware) network traffic. It is aimed at DFIR analysts and security researchers who want to know what data is being exfiltrated to the C2, which bots are checking in, and similar details.
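As an added illustration of the kind of detection-then-parsing the description refers to (this is example code written for this page, not loki-parse's own logic, and the real tool should be consulted for the actual field layout): the block below flags an HTTP request as Loki-Bot C2 traffic by its well-known User-Agent string and then decodes the two little-endian 16-bit fields at the start of the POST body as a version and request-type code. The request-type names, the `Content-Key` header handling, the URI path and the sample requests are constructed for the example and marked as assumptions in the comments.

```python
import struct

# Loki-Bot's User-Agent string as widely reported in public analyses of the malware.
LOKI_USER_AGENT = b"Mozilla/4.08 (Charon; Inferno)"

# ASSUMPTION: request-type codes and their meanings as reported in public
# write-ups; they are not taken from loki-parse itself and may be incomplete.
REQUEST_TYPES = {
    0x27: "exfiltrate application/credential data",
    0x28: "get C2 commands",
}


def split_http(raw: bytes):
    """Split a raw HTTP request into (request line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def parse_lokibot_request(raw: bytes):
    """Return a dict describing a Loki-Bot C2 request, or None if it does not match."""
    request_line, headers, body = split_http(raw)
    # Detection: the distinctive User-Agent plus a POST with at least a 4-byte header.
    if headers.get(b"user-agent") != LOKI_USER_AGENT:
        return None
    if not request_line.startswith(b"POST ") or len(body) < 4:
        return None
    # ASSUMPTION: body begins with two little-endian uint16 fields, version then request type.
    version, req_type = struct.unpack("<HH", body[:4])
    return {
        "uri": request_line.split(b" ")[1].decode("ascii", "replace"),
        # ASSUMPTION: a Content-Key header carries a per-request hash in real traffic.
        "content_key": headers.get(b"content-key", b"").decode("ascii", "replace"),
        "version": version,
        "request_type": req_type,
        "request_type_name": REQUEST_TYPES.get(req_type, "unknown"),
        "payload_len": len(body) - 4,
    }


def scan_requests(requests):
    """Run the detector over many raw requests and keep only the Loki-Bot matches."""
    hits = []
    for raw in requests:
        parsed = parse_lokibot_request(raw)
        if parsed is not None:
            hits.append(parsed)
    return hits


# Constructed sample traffic (not real captures): one Loki-Bot-style POST and one benign GET.
SAMPLE_LOKI = (
    b"POST /example/fre.php HTTP/1.0\r\n"
    b"User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
    b"Host: example.invalid\r\n"
    b"Content-Key: DEADBEEF\r\n"
    b"Content-Length: 12\r\n"
    b"\r\n"
    + struct.pack("<HH", 0x12, 0x27) + b"\x00" * 8
)

SAMPLE_BENIGN = (
    b"GET / HTTP/1.1\r\n"
    b"User-Agent: curl/8.0\r\n"
    b"Host: example.invalid\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for hit in scan_requests([SAMPLE_LOKI, SAMPLE_BENIGN]):
        print(hit)
```

In practice the raw requests would come from reassembled TCP streams in a PCAP rather than from inline byte strings; the detection step is deliberately strict (exact User-Agent plus POST) so that a benign client with a similar path is not mis-flagged.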
☆13 · Updated 3 years ago
Alternatives and similar repositories for loki-parse:
Users that are interested in loki-parse are comparing it to the libraries listed below
- This script is used for extracting DDE in docx and xlsx ☆12 · Updated 7 years ago
- Analysis of PE files or shellcode ☆49 · Updated 8 years ago
- A modified version based on Tracecorn ☆20 · Updated 5 years ago
- Shows command lines used by the latest instances analyzed on Hybrid-Analysis ☆43 · Updated 6 years ago
- Volatility Framework plugin to detect various types of hooks as performed by banking Trojans ☆41 · Updated 6 years ago
- Volatility Plugins ☆21 · Updated 9 years ago
- ☆51 · Updated 8 years ago
- A repo to hold some scripts pertaining to WMI (Windows implementation of WBEM) forensics ☆85 · Updated 7 years ago
- Making shellcode UD - https://osandamalith.com ☆24 · Updated 8 years ago
- Various snippets created during malware analysis ☆22 · Updated 6 years ago
- Python script to inject and run shellcodes through TLS callbacks ☆50 · Updated 9 years ago
- A Maltego transform for VirusTotal Submitter Information ☆32 · Updated 5 years ago
- Tools to enumerate Windows Firewall Hook Drivers on Windows 2000, XP and 2003 ☆20 · Updated 10 years ago
- hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripting languages such as PowerShell, VBA and JavaScript. Curre… ☆40 · Updated 5 years ago
- PowerShell Persistence Locator ☆66 · Updated 8 years ago
- ☆22 · Updated 7 years ago
- UAC 0Day all day! ☆58 · Updated 7 years ago
- Gives context to a system. Uses the EQGRP Shadow Brokers leaked list to give some descriptions to processes. ☆43 · Updated 7 years ago
- Use bitsadmin to maintain persistence and bypass Autoruns ☆66 · Updated 7 years ago
- PIC code gen and loading ☆14 · Updated 7 years ago
- CVE-2016-0040 Privilege Escalation Exploit For WMI Receive Notification Vulnerability (x86-64) ☆14 · Updated 6 years ago
- Talk given at DerbyCon and RuxCon 2016 ☆22 · Updated 8 years ago
- HackSys Extreme Vulnerable Driver - StackOverflow Exploit ☆31 · Updated 8 years ago
- IDA Pro plugin that renames functions on load, based on functionality ☆19 · Updated 7 years ago
- public bugs/proof of concepts ☆48 · Updated 4 years ago
- Tool for dropping malware from EK ☆40 · Updated 7 years ago
- ASERT shared scripts for reversing ☆32 · Updated 7 years ago
- VBA Reversed TCP Meterpreter Stager ☆62 · Updated 6 years ago
- Simple DDE object detector ☆56 · Updated 7 years ago
- Hansel - a simple but flexible search for IDA ☆26 · Updated 5 years ago