| Repository | Owner | Description | Language | Updated | Watchers | Stars | Forks |
|---|---|---|---|---|---|---|---|
| ghidra | NationalSecurityAgency | Ghidra is a software reverse engineering (SRE) framework | Java | Nov. 24, 2024, 8:38 a.m. | 1,038 +1 | 52,058 +194 | 5,899 +6 |
| IRM | certsocietegenerale | Incident Response Methodologies 2022 | Unknown languages | Nov. 24, 2024, 8:01 a.m. | 44 +0 | 980 +2 | 160 +0 |
| CAPEv2 | kevoreilly | Malware Configuration And Payload Extraction | Python | Nov. 24, 2024, 7:59 a.m. | 65 +0 | 2,017 +6 | 425 +0 |
| cutter | rizinorg | Free and Open Source Reverse Engineering Platform powered by rizin | C++ | Nov. 24, 2024, 7:58 a.m. | 305 +0 | 15,905 +20 | 1,150 +0 |
| Aurora-Incident-Response | cyb3rfox | Incident Response Documentation made easy. Developed by Incident Responders for Incident Responders | JavaScript | Nov. 24, 2024, 7:47 a.m. | 42 +0 | 769 +3 | 81 +0 |
| DidierStevensSuite | DidierStevens | Please no pull requests for this repository. Thanks! | Python | Nov. 24, 2024, 6:37 a.m. | 128 +1 | 2,029 +6 | 531 +0 |
| volatility | volatilityfoundation | An advanced memory forensics framework | Python | Nov. 24, 2024, 6:27 a.m. | 310 +1 | 7,364 +15 | 1,282 +2 |
| radare2 | radareorg | UNIX-like reverse engineering framework and command-line toolset | C | Nov. 24, 2024, 5:30 a.m. | 489 +1 | 20,749 +39 | 3,007 +1 |
| awesome-forensics | cugu | ⭐️ A curated list of awesome forensic analysis tools and resources | Unknown languages | Nov. 24, 2024, 5:25 a.m. | 174 +0 | 4,003 +8 | 625 +2 |
| hayabusa | Yamato-Security | Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. | Rust | Nov. 24, 2024, 5:02 a.m. | 42 +0 | 2,317 +12 | 203 +0 |
| ThreatHunter-Playbook | OTRF | A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. | Python | Nov. 24, 2024, 3:54 a.m. | 373 +1 | 4,032 +9 | 810 +3 |
| capa | mandiant | The FLARE team's open-source tool to identify capabilities in executable files. | Python | Nov. 24, 2024, 3:10 a.m. | 82 +0 | 4,886 +11 | 564 +4 |
| sigma | SigmaHQ | Main Sigma Rule Repository | Python | Nov. 24, 2024, 2:44 a.m. | 345 -1 | 8,397 +28 | 2,206 +8 |
| rizin | rizinorg | UNIX-like reverse engineering framework and command-line toolset. | C | Nov. 24, 2024, 2:20 a.m. | 47 +0 | 2,711 +1 | 363 +0 |
| dissect | fox-it | Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group). | Unknown languages | Nov. 24, 2024, 2:13 a.m. | 22 +0 | 928 +4 | 65 +0 |
| metta | uber-common | An information security preparedness tool to do adversarial simulation. | Python | Nov. 24, 2024, 2:02 a.m. | 75 +0 | 1,103 +2 | 151 +0 |
| hostintel | keithjjones | A modular Python application to collect intelligence for malicious hosts. | Python | Nov. 24, 2024, 1:53 a.m. | 30 +0 | 263 +1 | 51 +0 |
| EVTX-ATTACK-SAMPLES | sbousseaden | Windows Events Attack Samples | HTML | Nov. 24, 2024, 1:24 a.m. | 143 +0 | 2,254 +6 | 399 +1 |
| flare-vm | mandiant | A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM. | PowerShell | Nov. 24, 2024, 1:01 a.m. | 200 +0 | 6,613 +25 | 922 +3 |
| cuckoo-modified | spender-sandbox | Modified edition of cuckoo | Python | Nov. 23, 2024, 11:50 p.m. | 72 +0 | 395 +0 | 178 +0 |