decalage2 / balbuzard
Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR and ROL by brute-forcing the transformation and checking the decoded output for those same patterns.
135 stars, last updated 5 years ago
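The approach described above, as an added example that is not balbuzard's own code: scan for a small set of patterns of interest, then try every single-byte XOR key, every ROL shift and their combination, and rank candidates by how many patterns the decoded bytes contain. The regexes, the scoring and the sample blob are my own constructions; balbuzard ships a much longer pattern list.

```python
import re

# Patterns of interest. This is a constructed minimal set for the example,
# not balbuzard's pattern list. Bytes regexes keep the scan offset-exact.
PATTERNS = {
    "PE/MZ header at offset 0": re.compile(rb"\AMZ"),
    "ZIP/OOXML header at offset 0": re.compile(rb"\APK\x03\x04"),
    "DOS stub string": re.compile(rb"This program cannot be run in DOS mode"),
    "URL": re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[A-Za-z0-9./?=&_%\-]*)?"),
    "domain name": re.compile(
        rb"\b[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.(?:com|net|org|info|ru)\b"),
    "IPv4 address": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def find_patterns(data):
    """Return {pattern name: [matches]} for every pattern present in data."""
    hits = {}
    for name, rx in PATTERNS.items():
        found = rx.findall(data)
        if found:
            hits[name] = found
    return hits


def xor_bytes(data, key):
    """Single-byte XOR; XOR is its own inverse, so this both encodes and decodes."""
    return bytes(b ^ key for b in data)


def rol_bytes(data, n):
    """Rotate every byte left by n bits (1..7). Decoding ROR n means applying ROL n."""
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)


def candidate_transforms():
    """Yield (label, decode function) pairs: identity, XOR, ROL and ROL-then-XOR."""
    yield "plain", lambda d: d
    for k in range(1, 256):
        yield f"XOR {k:#04x}", lambda d, k=k: xor_bytes(d, k)
    for n in range(1, 8):
        yield f"ROL {n}", lambda d, n=n: rol_bytes(d, n)
        for k in range(1, 256):
            yield f"ROL {n} then XOR {k:#04x}", lambda d, n=n, k=k: xor_bytes(rol_bytes(d, n), k)


def bruteforce(data, top=5):
    """Apply every candidate transform, scan the result, rank by total pattern hits."""
    results = []
    for label, decode in candidate_transforms():
        hits = find_patterns(decode(data))
        if hits:
            score = sum(len(v) for v in hits.values())
            results.append((score, label, hits))
    results.sort(key=lambda r: (-r[0], r[1]))
    return results[:top]


def best_guess(data):
    """Label of the highest-scoring transform, i.e. the most likely obfuscation."""
    ranked = bruteforce(data, top=1)
    return ranked[0][1] if ranked else "no patterns found"


# Constructed sample: a fake PE-like blob carrying a C2 URL and an IP address,
# obfuscated with XOR 0x5A. Nothing here is taken from a real malware sample.
SAMPLE_PLAIN = (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 16
                + b"This program cannot be run in DOS mode.\r\n"
                + b"http://update.example.com/gate.php  10.20.30.40\x00")
SAMPLE_OBFUSCATED = xor_bytes(SAMPLE_PLAIN, 0x5A)

if __name__ == "__main__":
    for score, label, hits in bruteforce(SAMPLE_OBFUSCATED):
        print(f"{score:2d} hits  {label:24s} {sorted(hits)}")
```

Ranking by raw hit count is enough for a toy blob; on real files, weight the header patterns higher and require at least two distinct pattern types before trusting a key, because a single short regex match will occur by chance in a few of the roughly 2,000 candidate decodings.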
Alternatives and similar repositories for balbuzard:
- Various scripts for different malware families (106 stars, updated 4 years ago)
- unXOR will search a XORed file and try to guess the key using known-plaintext attacks. (142 stars, updated 5 years ago)
- A modern Python-3-based alternative to RegRipper (194 stars, updated 3 weeks ago)
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … (137 stars, updated 2 years ago)
- Tools from WFA 4/e, timeline tools, etc. (135 stars, updated last year)
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files (117 stars, updated 10 months ago)
- Script lets you gather malicious software and C&C servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cyb… (37 stars, updated 5 years ago)
- Autoruns plugin for the Volatility framework (121 stars, updated 5 years ago)
- Yet another registry parser (132 stars, updated 3 years ago)
- Process HTTP Pcaps With YARA (102 stars, updated 11 years ago)
- Various Yara signatures (possibly to be included in a release later). (85 stars, updated 5 years ago)
- Lazy Office Analyzer (122 stars, updated 8 years ago)
- Python script to decode common encoded PowerShell scripts (216 stars, updated 6 years ago)
- Smart DLL execution for malware analysis in sandbox systems (143 stars, updated 10 years ago)
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. (192 stars, updated last month)
- Various capabilities for static malware analysis. (77 stars, updated 7 months ago)
- Malware similarity platform with modularity in mind. (78 stars, updated 3 years ago)
- Repository of tools & resources of the MMD team (131 stars, updated 2 years ago)
- A VBA parser and emulation engine to analyze malicious macros. (96 stars, updated last week)
- Set of Yara rules for finding files using magic headers (137 stars, updated 4 years ago)
- A curated list of malware repositories, trackers and malware analysis tools (84 stars, updated 2 years ago)
- Allows you to quickly query a Windows machine for RAM artifacts (221 stars, updated 4 years ago)
- Extract common Windows artifacts from source images and VSCs (65 stars, updated 3 years ago)
- PE Import Hash Generator (78 stars, updated 7 years ago)
- Community modules for FAME (65 stars, updated 2 months ago)
- Ursnif beacon decryptor (27 stars, updated 2 years ago)