kevthehermit / volatility_plugins

Related projects: ⓘ

• sysopfb / malware_decoders
  Static based decoders for malware samples
  ☆93Updated 4 years ago
• RomanEmelyanov / CobaltStrikeForensic
  Toolset for research malware and Cobalt Strike beacons
  ☆205Updated last year
• matthewdunwoody / POSHSPY
  POSHSPY backdoor code
  ☆43Updated 7 years ago
• telsy-cyberops / research
  Telsy CTI Research Team
  ☆57Updated 3 years ago
• darkquasar / WMI_Persistence
  A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
  ☆85Updated 6 years ago
• Neo23x0 / DLLRunner
  Smart DLL execution for malware analysis in sandbox systems
  ☆141Updated 9 years ago
• brakmic / Sinkholes
  Malware Sinkhole List in various formats
  ☆102Updated 2 years ago
• DissectMalware / MalwareCMDMonitor
  Shows command lines used by latest instances analyzed on Hybrid-Analysis
  ☆43Updated 6 years ago
• SherifEldeeb / TinyMet
  A "tiny" meterpreter stager
  ☆127Updated 5 years ago
• huntresslabs / evading-autoruns
  Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)
  ☆102Updated 3 years ago
• DarkenCode / yara-rules
  Repository of yara rules
  ☆45Updated 9 years ago
• ohjeongwook / PowerShellRunBox
  Dynamic PowerShell Analysis Framework Based Upon PowerShell Debugging Functionality
  ☆82Updated last year
• kcreyts / plugxdecoder
  Decodes PlugX traffic and encrypted/compressed artifacts
  ☆37Updated 11 years ago
• exp0se / detect_kerberos_attacks
  Detect kerberos attacks in pcap files
  ☆27Updated 8 years ago
• denisugarte / PowerDrive
  A tool for de-obfuscating PowerShell scripts
  ☆65Updated 5 years ago
• fox-it / cobaltstrike-extraneous-space
  Historical list of {Cobalt Strike,NanoHTTPD} servers
  ☆123Updated 5 years ago
• Big5-sec / SourceFu
  hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…
  ☆40Updated 5 years ago
• Cn33liz / VBSMeter
  ☆85Updated this week
• chrisjd20 / power_dump
  ☆28Updated this week
• dzzie / VS_LIBEMU
  ☆149Updated this week
• homjxi0e / LOLBAS222
  APT || Execution || Launch || APTs || ( Authors harr0ey, bohops )
  ☆107Updated 6 years ago
• raw-data / malarchive
  Malware samples observed in the wild from time to time
  ☆12Updated 5 years ago
• Paul-Tew / lifer
  Windows link file (shortcuts) examiner
  ☆65Updated 3 months ago
• SadProcessor / EmpireDog
  A collection of PowerShell Modules for BloodHound/Empire Orchestration
  ☆104Updated 6 years ago
• Neo23x0 / webshell-intel
  Scan web server for known webshell names and responses
  ☆50Updated 8 years ago
• fox-it / danderspritz-evtx
  Parse evtx files and detect use of the DanderSpritz eventlogedit module
  ☆145Updated 6 years ago
• G4LB1T / Invoke-NoShell
  All the Power with no Shell
  ☆36Updated 2 years ago
• haroldogden / adb
  ☆85Updated this week
• DissectMalware / base64_substring
  Generate a Yara rule to find base64-encoded files containg a specific keyword
  ☆39Updated 6 years ago
• decalage2 / oledump-contrib
  The oledump-contrib repository contains plugins and enhancements for the oledump tool published by Didier Stevens.
  ☆52Updated 8 years ago