ignacioj

mftf

$MFT parser (from live systems or a copy of the $MFT) and raw file copy utility

WhacAMole

Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and dissasemble hooks, shellcode, memory regions, modules and processes.

regkeval

Malware detection in registry using a baseline

RATDecoders

Python Decoders for Common Remote Access Trojans

TangledWinExec

C# PoCs for investigation of Windows process execution techniques

WMIParserStr

WMI OBJECTS.DATA parser

Advanced-Process-Injection-Workshop

APT_CyberCriminal_Campagin_Collections

APT & CyberCriminal Campaign Collection

DLLHiding

Hiding x32/x64 Modules/DLLs using PEB

EvasiveProcessHollowing

Evasive Process Hollowing Techniques

RC4_Encrypt-Decrypt

RC4 encryption and decryption tool (c#)

ignacioj

injection

mellivora

Mellivora is a CTF engine written in PHP

Registry_Service_triggers

Extract service triggers from SYSTEM registry.

RegRipper2.8

RegRipper version 2.8

systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com

TamperETW

PoC to demonstrate how CLR ETW events can be tampered.

TekDefense-Automater

Automater - IP URL and MD5 OSINT Analysis

wmi-parser

Parses the WMI object database....looking for persistence