Stars
A repository of DFIR-related Mind Maps geared towards the visual learners!
The goal of this repo is to archive artifacts from all versions of various OSes and categorize them by type. This will help with artifact validation processes as well as increase access to artifa…
Here are some of my malware reversing papers that I will be publishing
IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the related ATT&CK matrix
A curated list of awesome YARA rules, tools, and people.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquir…
📚 Freely available programming books
A machine learning tool that ranks strings based on their relevance for malware analysis.
Some Powershell scripts, functions, stuff
Python script to decode common encoded PowerShell scripts
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be r…
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.
Small and highly portable detection tests based on MITRE's ATT&CK.
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
ATT&CK Remote Threat Hunting Incident Response
A modular bug hunting and web application pentesting framework written in Go
Chrome DevTools Protocol
This repository serves as a place for community created Targets and Modules for use with KAPE.
Active Directory password filter featuring breached password checking and custom complexity rules
PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.
Digital Forensics artifact repository
In-depth attack surface mapping and asset discovery
Fast passive subdomain enumeration tool.
pcqf (PC Quick Forensics) helps quickly gather forensic evidence from Windows, Mac, and Linux systems, in order to identify potential traces of compromise.