A repository of DFIR-related Mind Maps geared towards the visual learners!

The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifa…

Here are some of my malware reversing papers that I will be publishing

IATelligence is a Python script that will extract the IAT of a PE file and request GPT to get more information about the API and the ATT&CK matrix related

ReversingLabs YARA Rules

A curated list of awesome YARA rules, tools, and people.

Fast Static File Analysis Framework

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquir…

📚 Freely available programming books

A machine learning tool that ranks strings based on their relevance for malware analysis.

A VBA p-code disassembler

Some Powershell scripts, functions, stuff

Python script to decode common encoded PowerShell scripts

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be r…

Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)

An advanced Twitter scraping & OSINT tool written in Python that doesn't use Twitter's API, allowing you to scrape a user's followers, following, Tweets and more while evading most API limitations.

Small and highly portable detection tests based on MITRE's ATT&CK.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

ATT&CK Remote Threat Hunting Incident Response

A modular bug hunting and web application pentesting framework written in Go

Chrome DevTools Protocol

This repository serves as a place for community created Targets and Modules for use with KAPE.

Active Directory password filter featuring breached password checking and custom complexity rules

PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.

Digital Forensics artifact repository

In-depth attack surface mapping and asset discovery

Fast passive subdomain enumeration tool.

pcqf (PC Quick Forensics) helps quickly gathering forensic evidence from Windows, Mac, and Linux systems, in order to identify potential traces of compromise.