Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
☆220Mar 17, 2026Updated this week
Alternatives and similar repositories for VM-Packages
Users that are interested in VM-Packages are comparing it to the libraries listed below
Sorting:
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env…☆8,438Updated this week
- Tricard - Malware Sandbox Fingerprinting☆23Dec 11, 2023Updated 2 years ago
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆701Mar 12, 2026Updated last week
- Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…☆7,542Oct 16, 2025Updated 5 months ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆87Mar 11, 2026Updated last week
- Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysi…☆1,304Jun 1, 2023Updated 2 years ago
- PowerShell scripts for running Magnet RESPONSE forensic collection tool in large enterprises.☆31Jan 9, 2025Updated last year
- The FLARE team's open-source tool to identify capabilities in executable files.☆5,890Updated this week
- ☆22Nov 22, 2025Updated 4 months ago
- A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analys…☆430Jan 25, 2025Updated last year
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,923Updated this week
- FLARE floss applied to all unpacked+dumped samples in Malpedia, pre-processed for further use.☆76Jan 6, 2026Updated 2 months ago
- ☆27Feb 6, 2022Updated 4 years ago
- This repository contains helper scripts and custom configs to get the best out of Google's Timesketch project.☆120Oct 8, 2023Updated 2 years ago
- File Capability Extractor☆14Jul 12, 2025Updated 8 months ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.☆15Jul 9, 2023Updated 2 years ago
- Research notes☆133Dec 6, 2024Updated last year
- A curated list of KAPE-related resources☆184May 1, 2025Updated 10 months ago
- A Multi-Threaded PE Export Collection Utility☆14May 13, 2023Updated 2 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- FakeNet-NG - Next Generation Dynamic Network Analysis Tool☆2,094Dec 9, 2025Updated 3 months ago
- quASAR: ASAR manipulation made easy☆38Sep 7, 2022Updated 3 years ago
- Prefetch Explorer Command Line☆286Jan 12, 2025Updated last year
- JPCERT/CC public YARA rules repository☆109Mar 9, 2026Updated last week
- ☆77Jun 25, 2019Updated 6 years ago
- High Octane Triage Analysis☆830Updated this week
- Notes some analysis related to VidarStealer sample☆16May 5, 2024Updated last year
- ☆14Mar 19, 2024Updated 2 years ago
- Creation of a laboratory for malware analysis in AWS☆109Dec 5, 2022Updated 3 years ago
- Curated Windows event log Sigma rules used in Hayabusa and Velociraptor.☆215Updated this week
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 3 months ago
- UnpacMe IDA Byte Search☆29Nov 20, 2023Updated 2 years ago
- Windows 10 Live Information viewer☆38Jan 27, 2022Updated 4 years ago
- Documentation and scripts to properly enable Windows event logs.☆673Oct 3, 2025Updated 5 months ago
- 🚧 Currently transfering TLP:CLEAR rules from TLP:AMBER repository...☆21Mar 22, 2024Updated 2 years ago
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,319Oct 31, 2025Updated 4 months ago
- Publicly shareable windows event log message data☆28Nov 29, 2019Updated 6 years ago
- ☆988Jan 16, 2026Updated 2 months ago
- Random tips and tricks RE: ransomware☆14Aug 17, 2021Updated 4 years ago