libyal / winevt-kb
Windows Event Log Knowledge Base
☆16Updated 4 months ago
Related projects: ⓘ
- Rekall Memory Forensic Framework☆29Updated 5 years ago
- ☆23Updated 5 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆49Updated 2 years ago
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection☆28Updated 3 years ago
- Utilities for working with vivisect☆21Updated this week
- Generates YARA rules to detect malware using API hashing☆17Updated 3 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆30Updated 3 years ago
- ☆13Updated this week
- Trace ScriptBlock execution for powershell v2☆39Updated 4 years ago
- Steezy - Ghetto Yara Generation☆15Updated last year
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆52Updated 6 years ago
- ☆21Updated 3 years ago
- ☆12Updated last year
- A tool to create COM class/interface relationships in neo4j☆47Updated last year
- Python 3 - Manipulation and conversation with different data type (Bytes operations)☆26Updated 2 years ago
- ☆47Updated 4 years ago
- ☆13Updated 3 years ago
- Generate YARA rules for OOXML documents.☆37Updated last year
- ☆31Updated 2 years ago
- Notepad++ Syntax Highlighting for Languages Used by Cyber Security Professionals☆14Updated 4 years ago
- Maltego transforms to pivot between PE files based on their VirusTotal codeblocks☆18Updated 3 years ago
- This repository regroups the Yara Rules for the Unprotect Project☆24Updated 3 years ago
- This is a simple tool to dump all the reparse points on an NTFS volume.☆32Updated 4 years ago
- A ready-made template for a project based on libpeconv.☆40Updated last year
- ☆33Updated 5 years ago
- Tool to decrypt the configuration of NanoCore and dump all used plugins☆10Updated 3 years ago
- A modular Karton Framework service that unpacks common packers like UPX and others using the Qiling Framework.☆50Updated 3 years ago
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆21Updated 2 years ago
- Specialized tool to dump Position Independent Code.☆21Updated 4 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆38Updated 4 years ago