kirk-sayre-work / box-js
A tool for studying JavaScript malware.
☆14Updated this week
Related projects ⓘ
Alternatives and complementary repositories for box-js
- Logbook for Digital Forensics and Incident Response☆49Updated 4 months ago
- MasterParser is a simple, all-in-one, digital forensics artifact parser☆23Updated 3 years ago
- Converting data from services like Censys and Shodan to a common data model☆48Updated 2 months ago
- ☆19Updated last year
- my MSTICpy practice and custom tools repository☆11Updated 2 weeks ago
- An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.☆21Updated 2 years ago
- ReWrite of AChoir in Go for Cross Platform☆35Updated last week
- Open source training materials for law-enforcement and organisations interested in DFIR.☆56Updated 2 months ago
- Threat Box Assessment Tool☆19Updated 3 years ago
- Can you pay the ransom in your country?☆14Updated 11 months ago
- Indicators of compromise, YARA rules, and Python scripts to supplement the SANS CTI Summit 2021 talk: "xStart when you're ready".☆14Updated 3 years ago
- CSIRT Jump Bag☆27Updated 7 months ago
- ☆31Updated last month
- Publicly shareable windows event log message data☆27Updated 4 years ago
- A DFVFS Backed Forensic Viewer☆39Updated 4 years ago
- Get started using Synapse Open-Source to start a Cortex and perform analysis within your area of expertise.☆38Updated 2 years ago
- A completely unsupported set of scripts used in SANS FOR572, Advanced Network Forensics and Analysis☆23Updated 4 months ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.☆39Updated 2 years ago
- Synopsis is a tool to aid analysts reviewing browser history files by providing a high-level “synopsis” of key information.☆20Updated 6 years ago
- ☆24Updated 2 years ago
- A script to assist in processing forensic RAM captures for malware triage☆27Updated 3 years ago
- Just Another broken Registry Parser (JARP)☆16Updated 6 months ago
- BlueSploit is a DFIR framework with the main purpose being to quickly capture artifacts for later review.☆32Updated 4 years ago
- Incident response teams usually working on the offline data, collecting the evidence, then analyze the data☆44Updated 2 years ago
- Winterfell hunt is a python script to perform auto threat hunting for malicious activities in windows OS based on collected data by winte…☆14Updated 4 years ago
- Notes from my "Implementing a Kick-Butt Training Program: Blue Team GO!" talk☆12Updated 5 years ago
- Scripts and lists to help generate YARA friendly string mutations☆19Updated last year
- Remote access and Antivirus Logging Database☆41Updated 6 months ago
- Splunk Technology-AddOn for Aurora Sigma-Based EDR Agent. It helps parse and configure the necessary inputs to neatly consume Aurora EDR …☆13Updated 2 years ago
- Python library for threat intelligence☆80Updated 4 months ago