Hunter
A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox VMs from malware that may be trying to evade analysis. Guaranteed to bring down your pafish ratings…
🦆 Malduck is your ducky companion in malware analysis journeys
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
Cortex XDR Config Extractor
A full analysis report detailing as much as possible about a malware sample or a threat
This project aims to compare and evaluate the telemetry of various EDR products.
ETW-based PoC to identify direct and indirect syscalls
Tools for the acquisition and analysis of forensic copies
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt for persistence mechanisms implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…
Detect an EDR's exceptions by inspecting processes' loaded modules
A network sniffer that logs all DNS server replies for use in a passive DNS setup
A MySQL fake server implemented in pure Java | supports both GUI and command-line versions | supports exploitation via deserialization and file reading | supports common GADGETs and custom GADGET data | automatically generates a matching PAYLOAD for the target environment | supports PGSQL and DERBY exploitation
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…
Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!
An automation plugin for the Tiny-Tracer framework to trace and watch functions directly from the executable's import table or from trace log (.tag) files.
APT-Hunter is a threat hunting tool for Windows event logs, built with a purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover su…
Try to find the origin IP of a webapp protected by Cloudflare.
RansomLord is a proof-of-concept Anti-Ransomware exploitation tool that automates the creation of PE files, used to compromise ransomware pre-encryption.
Python based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
DNSWatch - DNS Traffic Sniffer and Analyzer
Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.
Useful resources for SOC Analysts and SOC Analyst candidates.
ETWProcessMon2 monitors Process/Thread/Memory/ImageLoad/TCPIP activity via ETW, and adds detection of remote-thread injection and in-memory payload detection based on VirtualMemAlloc events, etc.
A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.
Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent permission(s)