Dump quarantined files from Windows Defender
☆75 · Apr 6, 2022 · Updated 3 years ago
Alternatives and similar repositories for defender-dump
Users interested in defender-dump are comparing it to the repositories listed below.
- Just Another broken Registry Parser (JARP) ☆16 · May 23, 2024 · Updated last year
- Multi-quarantine extractor ☆52 · Mar 3, 2026 · Updated 3 weeks ago
- An open source Python deobfuscator for pyobfuscate.com ☆40 · Jul 28, 2024 · Updated last year
- Utilizing DLang for offensive operations ☆14 · May 29, 2025 · Updated 9 months ago
- This tool aims at parsing Microsoft Protection logs to provide relevant data to forensic analysts during incident response ☆21 · Sep 30, 2022 · Updated 3 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function's name,… ☆15 · Apr 21, 2025 · Updated 11 months ago
- Thor Artifacts for Velociraptor ☆19 · Dec 2, 2025 · Updated 3 months ago
- Capture. Detonate. Collect ☆14 · Sep 20, 2024 · Updated last year
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db ☆44 · Jul 18, 2022 · Updated 3 years ago
- Process Hollowing in Rust with Process Executable Relocation Support for both 32- and 64-bit architecture environments ☆22 · Jan 6, 2025 · Updated last year
- ☆21 · May 8, 2022 · Updated 3 years ago
- Vault of Windows Registry forensic artifacts ☆28 · Nov 12, 2025 · Updated 4 months ago
- This is a repository for reporting any issues in any of my software ☆13 · May 15, 2018 · Updated 7 years ago
- Carve file metadata from NTFS index ($I30) attributes ☆71 · Feb 3, 2024 · Updated 2 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing… ☆26 · Apr 21, 2025 · Updated 11 months ago
- Fork this repo! Do a Pull Request! As many times as you want! Learn the ins and outs of how to contribute to GitHub! Make your mistakes h… ☆14 · Jun 21, 2024 · Updated last year
- Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data) ☆68 · Sep 13, 2023 · Updated 2 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps ☆315 · Sep 3, 2023 · Updated 2 years ago
- StickyParser - Sticky Notes Forensics. A Windows Sticky Notes parser (snt and plum.sqlite supported). Additional feature: SQLite Recovery … ☆21 · Jul 18, 2023 · Updated 2 years ago
- Disassemble V8 Ignition bytecode ☆12 · Jan 2, 2024 · Updated 2 years ago
- A fucking real shellcode loader with a GUI. Work-in-Progress. ☆82 · Jun 25, 2025 · Updated 9 months ago
- ☆24 · Mar 12, 2025 · Updated last year
- USN Journal full path builder ☆67 · Sep 16, 2024 · Updated last year
- PhantomDelay is a precise delay function that uses the Windows high-resolution performance counter to pause your program for a specified … ☆19 · May 8, 2025 · Updated 10 months ago
- ☆22 · Jan 31, 2023 · Updated 3 years ago
- Plugins for parsing CSV files in Timeline Explorer. This project allows anyone to add more supported files (i.e. they get a Line #/ta… ☆30 · May 5, 2025 · Updated 10 months ago
- ☆37 · Nov 8, 2024 · Updated last year
- VelociraptorMCP is a Model Context Protocol bridge for exposing LLMs to MCP clients ☆73 · Aug 20, 2025 · Updated 7 months ago
- Near compile-time string obfuscation for Golang ☆13 · Oct 3, 2023 · Updated 2 years ago
- Reverse engineering malware samples ☆16 · Dec 3, 2021 · Updated 4 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables ☆117 · Jan 26, 2022 · Updated 4 years ago
- Extract Chromium-based browsers' cookies using Chrome's remote debugging without admin rights ☆22 · Nov 3, 2024 · Updated last year
- A malicious Golang package ☆15 · Apr 21, 2025 · Updated 11 months ago
- This repository contains a tool that can encrypt all types of files and give the encrypted output in the form of an encrypted shellcode. P… ☆16 · Dec 21, 2021 · Updated 4 years ago
- A collaboration effort by the DFIR community to provide definitions (sometimes multiple) for common forensic terms ☆26 · Dec 1, 2022 · Updated 3 years ago
- HardwareTurningPoint, fully Go-compatible hardware breakpoint ☆16 · Jan 30, 2025 · Updated last year
- The first open source runtime Windows batch and command line deobfuscator ☆43 · Aug 20, 2025 · Updated 7 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR ☆254 · Oct 29, 2025 · Updated 4 months ago