knez / defender-dump
Dump quarantined files from Windows Defender
☆51Updated 2 years ago
Related projects: ⓘ
- Multi-quarantine extractor☆34Updated 2 weeks ago
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆47Updated last year
- A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare …☆139Updated 2 months ago
- JPCERT/CC public YARA rules repository☆98Updated 2 months ago
- A repo hosting the Markua content for the EZ Tools manuals hosted on Leanpub☆62Updated last year
- ☆35Updated 3 years ago
- Collection of scripts used to deobfuscate GOOTLOADER malware samples.☆51Updated last month
- ☆46Updated last week
- YARA rule analyzer to improve rule quality and performance☆93Updated 9 months ago
- Elastic Security Labs releases☆46Updated 3 weeks ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆66Updated 9 months ago
- Recycle bin artifact parser☆33Updated 2 weeks ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆74Updated 3 weeks ago
- Carve file metadata from NTFS index ($I30) attributes☆58Updated 7 months ago
- Command line access to the Registry☆123Updated 2 weeks ago
- ☆35Updated 2 weeks ago
- The Windows Malware Analysis Reversing Core Tools☆88Updated 3 years ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆48Updated 5 months ago
- USN Journal full path builder☆36Updated this week
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆62Updated last year
- A C# based tool for analysing malicious OneNote documents☆108Updated last year
- Rules Shared by the Community from 100 Days of YARA 2023☆76Updated last year
- Jupyter Notebooks for Cyber Threat Intelligence☆35Updated last year
- Collection of scripts provided for public use☆28Updated last month
- Manipulate timestamps on NTFS☆48Updated 9 years ago
- Rules shared by the community from 100 Days of YARA 2024☆75Updated 5 months ago
- ☆61Updated 3 weeks ago
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- Powershell sandboxing utility☆17Updated this week
- ☆84Updated 7 months ago