Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
☆29 · Sep 29, 2025 · Updated 5 months ago
Alternatives and similar repositories for sandfly-file-decloak
Users that are interested in sandfly-file-decloak are comparing it to the libraries listed below
- Linux #rootkit and #malware revealer ☆31 · Aug 1, 2024 · Updated last year
- MISP to Microsoft Defender integration ☆17 · Feb 24, 2026 · Updated last week
- yet another hidden LKM hunter ☆32 · Sep 18, 2025 · Updated 5 months ago
- Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes ☆12 · Sep 30, 2020 · Updated 5 years ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- SwaraVM is a mobile security virtual machine that aggregates tools and resources that are commonly used for network traffic analysis, mal… ☆32 · Aug 6, 2019 · Updated 6 years ago
- ETW forensic tool for Volatility3 plugin ☆17 · Nov 15, 2024 · Updated last year
- Just Another broken Registry Parser (JARP) ☆16 · May 23, 2024 · Updated last year
- CryptnetURLCacheParser is a tool to parse CryptAPI cache files ☆21 · Aug 3, 2024 · Updated last year
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- Parser for Sdba memory pool tags ☆21 · Jul 16, 2021 · Updated 4 years ago
- Simple CLI utility to save off an image from every webcam hooked into a Mac ☆14 · May 20, 2021 · Updated 4 years ago
- Python web app for previewing data in a Chrome Profile Folder ☆23 · Jul 1, 2024 · Updated last year
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators ☆22 · Mar 5, 2024 · Updated last year
- Run Sigma detection rules on logs from the new macOS EndpointSecurity Framework ☆22 · Jan 22, 2021 · Updated 5 years ago
- Mapping XProtect's obfuscated malware family names to common industry names. ☆94 · Nov 14, 2025 · Updated 3 months ago
- Make a Linux kernel rootkit visible again. ☆59 · Feb 27, 2025 · Updated last year
- Bluetooth Find provides a mechanism with which you can locate and track discoverable Bluetooth devices ☆30 · Dec 17, 2018 · Updated 7 years ago
- Extension functionality for the NightHawk operator client ☆26 · Oct 31, 2023 · Updated 2 years ago
- Harvest Linux forensic data for operational triage of an event. ☆51 · Nov 30, 2025 · Updated 3 months ago
- A preconfigured Velociraptor triage collector ☆76 · Feb 16, 2026 · Updated 2 weeks ago
- ESXi Cyber Security Incident Response Script ☆25 · Sep 4, 2024 · Updated last year
- Firefox addon for queueing videos to a MeTube instance. ☆33 · Nov 18, 2025 · Updated 3 months ago
- Python client for DFIR-IRIS ☆25 · Aug 19, 2024 · Updated last year
- General Content ☆25 · Dec 23, 2025 · Updated 2 months ago
- Cheat sheet to detect and remove Linux kernel rootkits ☆78 · Dec 16, 2024 · Updated last year
- A triage data collection script for macOS ☆29 · Nov 27, 2020 · Updated 5 years ago
- Collection of scripts used to deobfuscate GOOTLOADER malware samples. ☆77 · Dec 29, 2025 · Updated 2 months ago
- Sigma rules to share with the community ☆124 · Jan 29, 2025 · Updated last year
- YARA detection rules for hunting with the threathunting-keywords project ☆157 · May 11, 2025 · Updated 9 months ago
- Jupyter Notebook Praktikum Projects. This is a repository of data analyst educational projects from Yandex.Praktikum. ☆11 · Feb 21, 2021 · Updated 5 years ago
- Parses the WMI object database, looking for persistence ☆34 · Dec 12, 2019 · Updated 6 years ago
- Backstage Parser ☆33 · Jun 23, 2022 · Updated 3 years ago
- Artifact collection tool for *nix systems ☆212 · Mar 20, 2024 · Updated last year