Airbus CERT

ttddbg

Time Travel Debugging IDA plugin

Winshark

A wireshark plugin to instrument ETW

Yagi

Yet Another Ghidra Integration for IDA

Invoke-Bof

Load any Beacon Object File using Powershell!

comida

An IDA Plugin that help analyzing module that use COM

regrippy

A modern Python-3-based alternative to RegRipper

yara-ttd

Use YARA rules on Time Travel Debugging traces

ntTraceControl

Powershell Event Tracing Toolbox

vbSparkle

VBScript & VBA source-to-source deobfuscator with partial-evaluation

etwbreaker

An IDA plugin to deal with Event Tracing for Windows (ETW)

CVE-2024-4040

Scanner for CVE-2024-4040

minusone

Script deobfuscator

dnYara

A multi-platform .Net wrapper library for the native Yara library.

timeliner

A rewrite of mactime, a bodyfile reader

dirtypipe-ebpf_detection

An eBPF detection program for CVE-2022-0847

ttd2mdmp

Extract data of TTD trace file to a minidump

tree-sitter-powershell

Powershell grammar for tree-sitter

usnrs

USN Journal parsing software and library

MISP

MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

bodyfile

A bodyfile parsing library

tree-sitter

An incremental parsing system for programming tools

awesome-ida-x64-olly-plugin

A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.

ghidra

Ghidra is a software reverse engineering (SRE) framework

skyblue.team

Our website

tree-sitter-traversal

Traversal of tree-sitter Trees and any arbitrary tree with a TreeCursor-like interface

ttd-bindings

Bindings for Microsoft WinDBG TTD

dnMisp

dnMisp is a simple, MISP Rest API consumer .Net Standard 2.0 library.

libpcap

the LIBpcap interface to various kernel packet capture mechanism

SysmonCommon

The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.

SysmonForLinux