Stars
A library and CLI tool to extract HWP files.
Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the volume.
A list of CyberChef recipes and curated links
CLI tool for open source and threat intelligence
A recon tool for searching URLs that are exposed through link-shortener services
Domain name permutation engine for detecting homograph phishing attacks, typosquatting, and brand impersonation
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
Sample queries for Advanced hunting in Microsoft 365 Defender
Extract and deobfuscate XLM macros (a.k.a. Excel 4.0 macros)
Event Trace Log file parser in pure Python
Extract AutoIt scripts embedded in PE binaries
A repository of sysmon configuration modules
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as Google, Amazon, PayPal, GitHub, Mailgun, Facebook, Twitter, Heroku, Stripe...
Digital Forensics artifact repository
[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods…
Static decoders for malware samples
A modern Python-3-based alternative to RegRipper
Python tool and library for decrypting and encrypting MS Office files using passwords or other keys
Quickly debug shellcode extracted during malware analysis