Various public documents, whitepapers and articles about APT campaigns
https://github.com/kbandla/APTnotes
Standard Windows processes: a brief reference
https://www.andreafortuna.org/2017/06/15/standard-windows-processes-a-brief-reference/
Andrea Fortuna
Useful in forensic analysis and incident response. During the analysis phase, after (for example) a system compromise, it is very important to know the standard Windows processes, in order to have a ‘baseline’ from which to make a ‘diff’ against the compromised…
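The baseline-and-diff idea from the excerpt above, as an added example that is not part of the linked article: a simplified, hypothetical baseline of the parent, path and instance-count expectations for a few core Windows processes, checked against a constructed process list (the pid/ppid/name/path table a memory image or tasklist would give). The BASELINE table, the sample list and the function names are all assumptions made for illustration.

```python
"""Diff a live process list against a baseline of standard Windows processes.

Added example, not from the linked article. The baseline is a simplified,
hypothetical subset of the usual parent/path/instance-count expectations
for core Windows processes; the process list is constructed sample data.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    path: str


# Constructed baseline: name -> (allowed parents, expected directory, max instances).
# "<exited>" accepts an unresolvable ppid (smss.exe/userinit.exe normally exit);
# "<none>" is for System, whose parent pid is 0. An empty directory disables the
# path check; None means any number of instances.
BASELINE = {
    "system":       ({"<none>"},                   "",                     1),
    "smss.exe":     ({"system", "<exited>"},       r"c:\windows\system32", None),
    "csrss.exe":    ({"smss.exe", "<exited>"},     r"c:\windows\system32", None),
    "wininit.exe":  ({"smss.exe", "<exited>"},     r"c:\windows\system32", 1),
    "winlogon.exe": ({"smss.exe", "<exited>"},     r"c:\windows\system32", None),
    "services.exe": ({"wininit.exe"},              r"c:\windows\system32", 1),
    "lsass.exe":    ({"wininit.exe"},              r"c:\windows\system32", 1),
    "svchost.exe":  ({"services.exe"},             r"c:\windows\system32", None),
    "explorer.exe": ({"userinit.exe", "<exited>"}, r"c:\windows",          None),
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot look-alike names such as scvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_anomalies(procs: List[Proc]) -> List[Tuple[tuple, str]]:
    """Return (pids, reason) tuples for every deviation from BASELINE."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        name = p.name.lower()
        if name not in BASELINE:
            # Unknown name: flag it only if it is a near-miss of a baseline name.
            for known in BASELINE:
                if levenshtein(name, known) <= 2:
                    findings.append(((p.pid,), f"{p.name} looks like {known} (possible masquerade)"))
            continue
        parents, exp_dir, _ = BASELINE[name]
        parent = by_pid.get(p.ppid)
        if parent is not None:
            parent_name = parent.name.lower()
        else:
            parent_name = "<none>" if p.ppid == 0 else "<exited>"
        if parent_name not in parents:
            findings.append(((p.pid,), f"{p.name} parent is {parent_name}, expected {sorted(parents)}"))
        # ntpath handles backslash paths even when this script runs on Linux.
        if exp_dir and ntpath.dirname(p.path.lower()) != exp_dir:
            findings.append(((p.pid,), f"{p.name} runs from {p.path}, expected {exp_dir}"))
    # Instance counts are a per-name property, so report them once with all pids.
    for name, (_, _, max_inst) in BASELINE.items():
        pids = tuple(p.pid for p in procs if p.name.lower() == name)
        if max_inst is not None and len(pids) > max_inst:
            findings.append((pids, f"{len(pids)} instances of {name}, expected at most {max_inst}"))
    return findings


# Constructed process list (pid, ppid, name, path); the last three are planted anomalies.
SAMPLE = [
    Proc(4, 0, "System", ""),
    Proc(368, 4, "smss.exe", r"C:\Windows\System32\smss.exe"),
    Proc(472, 360, "csrss.exe", r"C:\Windows\System32\csrss.exe"),
    Proc(548, 360, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    Proc(640, 548, "services.exe", r"C:\Windows\System32\services.exe"),
    Proc(656, 548, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Proc(780, 640, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(3012, 2980, "explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(4120, 3012, "svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    Proc(4200, 780, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Proc(4300, 640, "scvhost.exe", r"C:\Windows\System32\scvhost.exe"),
]

if __name__ == "__main__":
    for pids, reason in find_anomalies(SAMPLE):
        print(pids, reason)
```

Run against the sample this reports five findings: the svchost.exe in a user Temp directory with explorer.exe as parent (two findings), the second lsass.exe both for its svchost.exe parent and for the instance count, and scvhost.exe as a near-miss of svchost.exe. The eight clean entries alone produce nothing.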
DynamoRIO
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc.
https://github.com/DynamoRIO/dynamorio
sysmon-modular
a sysmon configuration repository for everybody to customise
https://github.com/olafhartong/sysmon-modular
sysmon-config
a sysmon configuration file for everybody to fork
https://github.com/SwiftOnSecurity/sysmon-config
GitHub - SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
https://github.com/yampelo/beagle
capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
https://github.com/fireeye/capa
GitHub - mandiant/capa: The FLARE team's open-source tool to identify capabilities in executable files.
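To make concrete what "tells you what it thinks the program can do" involves, here is an added example that is not capa's own code or rule set: a tiny rule evaluator that extracts printable strings from a byte blob (so imported API names and string literals are visible; nothing is disassembled) and matches them against hand-written AND/OR rules, including one rule that builds on the result of others. The rule names, the RULES table, the helper functions and both byte blobs are constructed for illustration.

```python
"""Minimal capability matcher in the spirit of capa (added example, not capa's
own code). The only feature extracted is printable-string scanning over raw
bytes, so imported API names and literals are found but nothing is
disassembled; the rules and the two byte blobs are constructed."""
import re
from typing import Dict, List, Set

# Rule nodes: ("and", [...]), ("or", [...]), ("api", name), ("string", text),
# and ("capability", rule_name) for rules that build on other rules.
RULES = {
    "install service": ("and", [
        ("api", "OpenSCManager"), ("api", "CreateService"), ("api", "StartService"),
    ]),
    "communicate via HTTP": ("or", [
        ("api", "InternetOpen"), ("api", "HttpSendRequest"), ("api", "WinHttpOpen"),
    ]),
    "persist via Run key": ("and", [
        ("api", "RegSetValueEx"),
        ("string", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ]),
    "backdoor (service + network)": ("and", [
        ("capability", "install service"), ("capability", "communicate via HTTP"),
    ]),
}


def extract_strings(data: bytes, min_len: int = 4) -> Set[str]:
    """Printable ASCII runs of at least min_len bytes (the only feature used here)."""
    return {m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)}


def evaluate(node, features: Set[str], memo: Dict[str, bool]) -> bool:
    """Recursively evaluate one rule node against the extracted features."""
    kind, arg = node
    if kind == "and":
        return all(evaluate(child, features, memo) for child in arg)
    if kind == "or":
        return any(evaluate(child, features, memo) for child in arg)
    if kind == "api":
        # Win32 APIs show up in import tables with ANSI/Unicode suffixes.
        return bool({arg, arg + "A", arg + "W"} & features)
    if kind == "string":
        return any(arg.lower() in f.lower() for f in features)
    if kind == "capability":
        if arg not in memo:
            memo[arg] = evaluate(RULES[arg], features, memo)
        return memo[arg]
    raise ValueError(f"unknown node kind {kind!r}")


def match_capabilities(data: bytes) -> List[str]:
    """Names of all rules satisfied by the blob's features, sorted."""
    features = extract_strings(data)
    memo: Dict[str, bool] = {}
    for name in RULES:
        if name not in memo:
            memo[name] = evaluate(RULES[name], features, memo)
    return sorted(name for name, hit in memo.items() if hit)


def _blob(*names: bytes) -> bytes:
    """Fake PE-ish sample: MZ header followed by NUL-separated names."""
    return b"MZ\x90\x00" + b"\x00".join(names) + b"\x00"


# Constructed samples, not real malware. The Run-key string is present in the
# first blob but RegSetValueEx is not, so the persistence rule must not fire.
SAMPLE_BACKDOOR = _blob(
    b"ADVAPI32.dll", b"OpenSCManagerA", b"CreateServiceA", b"StartServiceA",
    b"WININET.dll", b"InternetOpenA", b"HttpSendRequestA",
    rb"Software\Microsoft\Windows\CurrentVersion\Run",
)
SAMPLE_DOWNLOADER = _blob(b"WININET.dll", b"InternetOpenA", b"InternetReadFile")

if __name__ == "__main__":
    for label, blob in (("backdoor", SAMPLE_BACKDOOR), ("downloader", SAMPLE_DOWNLOADER)):
        print(label, match_capabilities(blob))
```

The first blob matches "install service", "communicate via HTTP" and, through the composite rule, "backdoor (service + network)"; the second matches only "communicate via HTTP". Real capa adds many more feature kinds (instruction mnemonics, numbers, section and export names, per-function and per-basic-block scoping), but the rule shape of ANDed and ORed features plus references to other rules is the same idea.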
Forwarded from Ghidra (SRE)
noscript annotates and bookmarks the code with the tags produced by the Tiny Tracer tool.
https://github.com/Dump-GUY/ghidra_noscripts