sandflysecurity / sandfly-entropyscan
Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives output with cryptographic hashes.
☆146Updated 7 months ago
Alternatives and similar repositories for sandfly-entropyscan:
Users that are interested in sandfly-entropyscan are comparing it to the libraries listed below
- simple YARA-based IOC scanner☆165Updated 3 weeks ago
- A toolkit for the post-mortem examination of Docker containers from forensic HDD copies☆97Updated 11 months ago
- Automated YARA Rule Standardization and Quality Assurance Tool☆183Updated this week
- A guide on how to write fast and memory friendly YARA rules☆127Updated last year
- Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.☆110Updated last month
- Automatically create YARA rules from malicious documents.☆208Updated 2 years ago
- Forensic Artifact Collection Tool Matrix☆80Updated 2 months ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems.☆130Updated 2 years ago
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w…☆146Updated last year
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆99Updated 4 months ago
- A YARA rules repository continuously updated for monitoring the old and new threats from articles, incidents responses ...☆138Updated last year
- JPCERT/CC public YARA rules repository☆106Updated last month
- Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulatio…☆139Updated 3 years ago
- The Windows Malware Analysis Reversing Core Tools☆90Updated 4 years ago
- Further investigation in to APT campaigns disclosed by private security firms and security agencies☆84Updated 2 years ago
- Valhalla API Client☆64Updated 2 years ago
- A python script developed to process Windows memory images based on triage type.☆261Updated last year
- YaraScanner is a file pattern-matching tool based on YARA rules.☆56Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆144Updated last year
- Initial triage of Windows Event logs☆95Updated 7 months ago
- Repository with selected IOCs and YARA rules for threat hunting.☆35Updated last month
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆199Updated 2 years ago
- This repo is a collection of Ransomware reports from vendors, researchers, etc.☆113Updated 2 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆164Updated 2 years ago
- Lupo - Malware IOC Extractor. Debugging module for Malware Analysis Automation☆104Updated 2 years ago
- The Linux DFIR Collector is a stand-alone collection tool for Gnu / Linux. Dump artifacts in json format with very few impacts on the hos…☆30Updated 2 years ago
- PCAP visualization tool☆103Updated last year
- Anything Sysmon related from the MSTIC R&D team☆148Updated 7 months ago
- LOKI2 - Simple IOC and YARA Scanner☆84Updated 6 months ago
- YARA rule analyzer to improve rule quality and performance☆96Updated last month