sandflysecurity / sandfly-file-decloak
Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
☆21Updated last year
Related projects: ⓘ
- Linux #rootkit and #malware revealer☆17Updated last month
- Yara rules☆18Updated last year
- Converts Sigma detection rules to a Splunk alert configuration.☆13Updated 3 years ago
- Penguin OS Forensic (or Flight) Recorder☆37Updated last month
- A repository containing the research output from my GCFE Gold Paper which compared Windows 10 and Windows 11.☆24Updated 2 years ago
- C# User Simulation☆33Updated last year
- Threat hunting with EQL and Bro. This repo contains modifications to EQL and EQLLib to use BRO logs.☆8Updated 5 years ago
- Carving tool based in Radare2 & Yara☆15Updated 5 years ago
- Conceptual Methods for Finding Commonalities in Macho Files☆12Updated 5 months ago
- ☆19Updated 4 years ago
- A collection of threat intelligence data such as IOC, Yara and Snort/Suricata Rules etc.☆10Updated 5 years ago
- A list of IOCs applicable to PoshC2☆23Updated 4 years ago
- ☆15Updated 2 years ago
- Code and Slides of my BSides London 2019 presentation about Attacker Emulation using CALDERA☆22Updated 5 years ago
- YARA Rule Strings Statistics Calculator and Malware Research Helper☆11Updated 3 years ago
- ☆15Updated 2 years ago
- ☆22Updated 3 years ago
- Accelerating the collection, processing, analysis and outputting of digital forensic artefacts.☆29Updated 2 months ago
- Scripts and lists to help generate YARA friendly string mutations☆19Updated last year
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆13Updated 6 months ago
- Indicators of Normality☆12Updated 2 years ago
- Generate YARA rules for OOXML documents.☆37Updated last year
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆21Updated 7 months ago
- Can you pay the ransom in your country?☆13Updated 9 months ago
- Links to malware-related YARA rules☆14Updated last year
- unix_collector is a Live Response collection script for Incident Response on UNIX-like systems using native binaries. Supports AIX, Andro…☆30Updated last month
- Crowdstrike Falcon Host script for iterating through instances to get alert and other relevant data☆13Updated 5 years ago
- An experimental Velociraptor implementation using cloud infrastructure☆21Updated 2 weeks ago
- Windows Security Logging☆43Updated 2 years ago
- A set of YARA rules for the AIL framework to detect leak or information disclosure☆36Updated 2 months ago