decalage2 / balbuzard
Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing the transformation and checking the output for those patterns.
☆134 · Updated 5 years ago
Alternatives and similar repositories for balbuzard:
Users interested in balbuzard are comparing it to the libraries listed below.
- Various scripts for different malware families · ☆104 · Updated 3 years ago
- A modern Python-3-based alternative to RegRipper · ☆192 · Updated 3 months ago
- Community modules for FAME · ☆65 · Updated last month
- Python script to decode common encoded PowerShell scripts · ☆216 · Updated 6 years ago
- Parse Windows Prefetch files: supports XP - Windows 10 Prefetch files · ☆115 · Updated 9 months ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … · ☆132 · Updated 2 years ago
- Volatility plugins created by the author · ☆44 · Updated 9 years ago
- Various capabilities for static malware analysis. · ☆77 · Updated 5 months ago
- ☆82 · Updated 8 years ago
- Tools from WFA 4/e, timeline tools, etc. · ☆135 · Updated last year
- Extract common Windows artifacts from source images and VSCs · ☆65 · Updated 3 years ago
- Autoruns plugin for the Volatility framework · ☆121 · Updated 5 years ago
- Miscellaneous Malware RE · ☆195 · Updated 2 years ago
- ☆53 · Updated 4 years ago
- Malware similarity platform with modularity in mind. · ☆78 · Updated 3 years ago
- Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures. · ☆106 · Updated 6 years ago
- Ursnif beacon decryptor · ☆27 · Updated last year
- MAEC Schemas and Schema Development · ☆85 · Updated 5 years ago
- ☆82 · Updated 5 years ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. · ☆192 · Updated 4 years ago
- VSCode extension for the YARA pattern matching language · ☆64 · Updated last year
- Yet another registry parser · ☆130 · Updated 2 years ago
- Lazy Office Analyzer · ☆119 · Updated 8 years ago
- Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malici… · ☆82 · Updated 7 years ago
- Smart DLL execution for malware analysis in sandbox systems · ☆143 · Updated 10 years ago
- ☆134 · Updated 6 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs · ☆79 · Updated 3 years ago
- Process HTTP Pcaps With YARA · ☆101 · Updated 11 years ago
- A taxonomy and dictionary of malware behaviors. · ☆42 · Updated 5 years ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified… · ☆76 · Updated 3 years ago