decalage2 / balbuzard
Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by brute-forcing the key and checking for those patterns.
☆129, updated 4 years ago
Related projects:
- A modern Python-3-based alternative to RegRipper. ☆184, updated 11 months ago
- EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images. ☆180, updated 4 years ago
- Various scripts for different malware families. ☆106, updated 3 years ago
- unXOR will search an XORed file and try to guess the key using known-plaintext attacks. ☆141, updated 4 years ago
- Python script to decode common encoded PowerShell scripts. ☆214, updated 6 years ago
- Set of Yara rules for finding files using magic headers. ☆134, updated 4 years ago
- (no description) ☆80, updated 4 years ago
- Miscellaneous Malware RE. ☆195, updated 2 years ago
- Lazy Office Analyzer. ☆118, updated 7 years ago
- A VBA parser and emulation engine to analyze malicious macros. ☆90, updated this week
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect … ☆128, updated last year
- Yet another registry parser. ☆128, updated 2 years ago
- (no description) ☆134, updated 5 years ago
- Parse Windows Prefetch files: supports XP to Windows 10 Prefetch files. ☆111, updated 3 months ago
- Extract common Windows artifacts from source images and VSCs. ☆65, updated 3 years ago
- c2 traffic. ☆187, updated last year
- Script lets you gather malicious software and C&C servers from open source platforms like Malshare, Malcode, Google, Cymon - vxvault, cyb… ☆33, updated 4 years ago
- Page File analysis tools. ☆124, updated 8 years ago
- (no description) ☆101, updated this week
- Mystique may be used to discover infection markers that can be used to vaccinate endpoints against malware. It receives as input a malici… ☆80, updated 6 years ago
- Various capabilities for static malware analysis. ☆75, updated 2 weeks ago
- (no description) ☆121, updated 2 years ago
- Yara-Endpoint is a tool useful for incident response as well as an anti-malware endpoint based on Yara signatures. ☆102, updated 6 years ago
- Malware similarity platform with modularity in mind. ☆75, updated 3 years ago
- Tools from WFA 4/e, timeline tools, etc. ☆130, updated 6 months ago
- BinSequencer is a script designed to find a common pattern of bytes within a set of samples and generate a YARA rule from the identified… ☆72, updated 2 years ago
- Community modules for FAME. ☆63, updated 2 weeks ago
- Volatility plugins created by the author. ☆44, updated 8 years ago
- For all these times you're asking yourself "what is this panel again?" ☆251, updated last year
- Random hunting oriented yara rules. ☆95, updated last year