Greg Copenhaver's repositories
aflsmart
Smart Greybox Fuzzing
ja3
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
yeti
Your Everyday Threat Intelligence
AmIInfected
Yara scanner that enumerates process memory and then scans it for yara sigs. Not very user friendly currently
fame
FAME Automates Malware Evaluation
Capstone.NET
.NET Core and .NET Framework binding for the Capstone Disassembly Framework
FIR
Fast Incident Response
apiscout
This project aims at simplifying Windows API import recovery on arbitrary memory dumps
bincat
Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection
ida-yara-processor
IDA Processor for Compiled YARA Rules
Orc
Orc is a post-exploitation framework for Linux written in Bash
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
yago
YaGo, converting Yara rules into JSON files.
TheHive4py
Python API Client for TheHive
Stardust-PowerShell
Comae Stardust PowerShell Interface
vti-dorks
Awesome VirusTotal Intelligence Search Queries
strelka
Scanning files at scale with Python and ZeroMQ
RATDecoders
Python Decoders for Common Remote Access Trojans
emotet-configs
emotet configs pulled from https://cape.contextis.com/
RedELK
Red Team's SIEM - easily deployable tool for Red Teams used for tracking and alerting on Blue Team activities as well as better usability in long-term operations.
GTFOBins.github.io
Curated list of Unix binaries that can be exploited to bypass system security restrictions
artifacts
Digital Forensics Artifact Repository
hashcat
World's fastest and most advanced password recovery utility
sysmon-config
Sysmon configuration file template with default high-quality event tracing
awesome-web-security
🐶 A curated list of Web Security materials and resources.
metasploit-framework
Metasploit Framework
yara_tools
Create an entire YARA rule via Python? Whhhhhhaatttt?
capstone
Capstone disassembly/disassembler framework: Core (Arm, Arm64, EVM, M68K, M680X, MOS65xx, Mips, PPC, Sparc, SystemZ, TMS320C64x, X86, X86_64, XCore) + bindings (Python, Java, Ocaml, PowerShell, Visual Basic)
frida
Clone this repo to build Frida