strayge / pylnk
Python library for reading and writing Windows shortcut files (.lnk). Python 3 only.
☆82 · Updated 4 months ago
Related projects
Alternatives and complementary repositories for pylnk
- Windows Shortcut file (LNK) parser ☆71 · Updated 6 months ago
- an Excel 2007+ Binary Workbook (xlsb) parser for Python ☆19 · Updated 2 years ago
- Project for identifying executables and DLLs vulnerable to environment-variable based DLL hijacking. ☆56 · Updated 2 years ago
- ☆55 · Updated last month
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en… ☆26 · Updated 2 months ago
- ☆31 · Updated 2 years ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆194 · Updated last year
- Lazarus analysis tools and research report ☆55 · Updated 11 months ago
- A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, E… ☆18 · Updated 4 months ago
- Windows Registry Knowledge Base ☆162 · Updated last month
- VBScript & VBA source-to-source deobfuscator with partial-evaluation ☆73 · Updated 3 months ago
- Asynchronous RDP/VNC client for Python (GUI) ☆66 · Updated 2 months ago
- AdHoc solutions ☆48 · Updated last year
- Volatility3 plugins developed and maintained by the community ☆45 · Updated last year
- ☆91 · Updated 2 years ago
- ☆169 · Updated 2 months ago
- Tools helpful for malware analysis ☆22 · Updated 3 months ago
- Python DPAPI NG Decryptor for non-Windows Platforms ☆56 · Updated last year
- ☆53 · Updated last year
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles ☆147 · Updated last month
- Retrieve inner payloads from Donut samples ☆81 · Updated 9 months ago
- ☆34 · Updated last year
- A proof-of-concept re-assembler for reverse VNC traffic. ☆25 · Updated last year
- Repository containing malware analysis filters for the Windows SysInternals' - Process Monitor tool ☆13 · Updated 4 years ago
- Windows Event Log Knowledge Base ☆18 · Updated last month
- runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is base… ☆36 · Updated last year
- Create file system symbolic links from low privileged user accounts within PowerShell ☆90 · Updated 2 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers ☆62 · Updated 2 years ago
- Repo containing my public talks ☆22 · Updated last year
- Emulates the VirusTotal "vt" YARA module for livehunt rule debugging/testing ☆21 · Updated last year