mandiant / gootloader
Collection of scripts used to deobfuscate GOOTLOADER malware samples.
☆60Updated 2 months ago
Alternatives and similar repositories for gootloader:
Users that are interested in gootloader are comparing it to the libraries listed below
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆76Updated last year
- Memory Baseliner is a script that can compare two windows memory images or perform frequency of occurrence / data stacking analysis on mu…☆52Updated last year
- YARA rule analyzer to improve rule quality and performance☆97Updated 2 months ago
- Project based on RegRipper, to extract add'l value/pivot points from TLN events file☆84Updated last month
- Full of public notes and Utilities☆98Updated last month
- A specification and style guide for YARA rules☆46Updated last year
- Active C&C Detector☆152Updated last year
- ☆86Updated last year
- ☆67Updated 2 weeks ago
- JPCERT/CC public YARA rules repository☆106Updated 3 months ago
- Scripts and tools accompanying HP Threat Research blog posts and reports.☆50Updated 11 months ago
- ☆5Updated 4 months ago
- ☆25Updated 2 years ago
- A repository to share publicly available Velociraptor detection content☆136Updated this week
- Simple PowerShell script to enable process scanning with Yara.☆91Updated 2 years ago
- Sigma rules to share with the community☆119Updated last month
- ☆51Updated 2 months ago
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam.☆37Updated last year
- A C# based tool for analysing malicious OneNote documents☆111Updated last year
- Digital Forensics Artifacts Knowledge Base☆78Updated 9 months ago
- ☆30Updated 2 weeks ago
- Yara Rules for Modern Malware☆73Updated last year
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆30Updated 3 years ago
- This repo is where I store my Threat Hunting ideas/content☆87Updated last year
- A list of RMMs designed to be used in automation to build alerts☆109Updated last week
- A Jupyter notebook to assist with the analysis of the output generated from Volatility memory extraction framework.☆94Updated last year
- Initial triage of Windows Event logs☆95Updated 8 months ago
- Create a cool process tree like https://twitter.com/ACEResponder.☆35Updated 2 years ago
- Hunt malware with Volatility☆48Updated 10 months ago
- The Windows Malware Analysis Reversing Core Tools☆91Updated 4 years ago