Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

C 2,105 265 Updated Feb 10, 2025

mentebinaria / retoolkit

Reverse Engineer's Toolkit

Inno Setup 4,886 507 Updated Apr 14, 2024

accidentalrebel / shcode2exe

Compile shellcode into an exe file from Windows or Linux.

Python 60 13 Updated Mar 2, 2021

odedshimon / BruteShark

Network Analysis Tool

C# 3,182 352 Updated Apr 10, 2023

mandiant / speakeasy

Windows kernel and user mode emulation.

Python 1,574 236 Updated Apr 12, 2024

Sec-Soup / Python-ToolBox

Python 5 1 Updated Mar 13, 2022

mlgualtieri / NTLMRawUnHide

NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supporte…

Python 330 67 Updated Nov 13, 2023

DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

Python 575 116 Updated May 5, 2024

outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

Python 2,418 372 Updated Jan 31, 2025

nazywam / AutoIt-Ripper

Extract AutoIt scripts embedded in PE binaries

Python 179 35 Updated Jul 15, 2024

decalage2 / ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

Python 1,069 187 Updated Jul 10, 2024

redcanaryco / chain-reactor

Chain Reactor is an open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints.

C 299 32 Updated Nov 6, 2024

nshalabi / SysmonTools

Utilities for Sysmon

1,499 204 Updated May 23, 2024

thalium / icebox

Virtual Machine Introspection, Tracing & Debugging

C++ 570 87 Updated Feb 22, 2022

threat-hunting / awesome_Threat-Hunting

A curated list of the most important and useful resources about Threat Detection,Hunting and Intelligence.

554 113 Updated Mar 24, 2023

ckane / CS7038-Malware-Analysis

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

HTML 770 182 Updated Oct 28, 2024

NextronSystems / APTSimulator

A toolset to make a system look as if it was the victim of an APT attack

Batchfile 2,519 434 Updated Jun 16, 2023

redcanaryco / atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

C 10,163 2,855 Updated Feb 13, 2025

redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…

PowerShell 881 204 Updated Feb 10, 2025

malrev / ABD

Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories

Jupyter Notebook 1,107 175 Updated Nov 14, 2020

SigmaHQ / sigma

Main Sigma Rule Repository

Python 8,695 2,265 Updated Feb 15, 2025

JPCERTCC / ToolAnalysisResultSheet

Tool Analysis Result Sheet

HTML 347 71 Updated Dec 4, 2017

JPCERTCC / LogonTracer

Investigate malicious Windows logon by visualizing and analyzing Windows event log

Python 2,824 451 Updated Jun 21, 2024

randomuserid / Tylium

Primary data pipelines for intrusion detection, security analytics and threat hunting

86 10 Updated Jan 9, 2022

Tib3rius / AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Python 5,309 896 Updated Jun 10, 2024

trustedsec / ptf

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Python 5,224 1,243 Updated Sep 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

modra76

Block or report modra76

Stars

splunk / attack-detections-collector

ufrisk / MemProcFS

WithSecureLabs / chainsaw

qilingframework / qiling

hasherezade / hollows_hunter