williballenthin / python-evt
Pure Python parser for classic Windows Event Log files (.evt)
☆47Updated last year
Related projects: ⓘ
- Listen for usb devices and automatically submit all files on device to cuckoo☆12Updated 7 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆52Updated 6 years ago
- A short and small memory forensics helper.☆52Updated 6 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 6 years ago
- Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to fi…☆49Updated 7 years ago
- Volatility memory forensics plugin for extracting Windows DNS Cache☆28Updated 7 years ago
- Carves EXEs from given data files, using intelligent carving based upon PE headers☆36Updated 7 years ago
- Generate a Yara rule to find base64-encoded files containg a specific keyword☆39Updated 6 years ago
- ☆68Updated 7 years ago
- ☆27Updated 6 years ago
- Python tool and library to help analyze files during malware triage and analysis.☆77Updated 4 years ago
- Handy scripts to speed up malware analysis☆35Updated 11 months ago
- ☆19Updated 6 years ago
- hopefully a source-to-source deobfuscator, aiming at deobfuscating common scripts languages such as Powershell, VBA and Javascript. Curre…☆40Updated 5 years ago
- Event Log Analysis Tools☆28Updated 7 years ago
- Generate bulk YARA rules from YAML input☆21Updated 4 years ago
- Volatility Plugins☆21Updated 9 years ago
- Python OpenIOC Editor☆17Updated 8 years ago
- A collection of my public YARA signatures for various malware families☆28Updated last month
- A collection of Volatility Framework plugins.☆26Updated 11 years ago
- Scan web server for known webshell names and responses☆50Updated 8 years ago
- Recover event log entries from an image by heurisitically looking for record structures.☆25Updated 8 years ago
- Volatility Framework plugin to detect various types of hooks as performed by banking Trojans☆40Updated 5 years ago
- Telsy CTI Research Team☆57Updated 3 years ago
- A Maltego transform for VirusTotal Submitter Information☆30Updated 5 years ago
- Plugins to add funtionality to ProcDOT. http://www.procdot.com☆22Updated 11 months ago
- Extract GUIDs from .NET assemblies☆21Updated 8 years ago
- Binarly SDK v1☆13Updated 7 years ago
- ☆64Updated this week