Giters
MANDIANT (mandiant)

MANDIANT

mandiant

Geek Repo

Home Page:http://www.mandiant.com

Github PK Tool:Github PK Tool

MANDIANT's repositories

red_team_tool_countermeasures

Language:YARALicense:BSD-2-ClauseStargazers:2631Issues:243Issues:12

ThreatPursuit-VM

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

Language:PowerShellLicense:NOASSERTIONStargazers:1198Issues:71Issues:39

flare-emu

Language:PythonLicense:Apache-2.0Stargazers:763Issues:38Issues:21

SilkETW

Language:C#License:Apache-2.0Stargazers:684Issues:42Issues:14

stringsifter

A machine learning tool that ranks strings based on their relevance for malware analysis.

Language:PythonLicense:Apache-2.0Stargazers:649Issues:30Issues:18

Azure_Workshop

Language:HCLLicense:Apache-2.0Stargazers:608Issues:15Issues:1

Mandiant-Azure-AD-Investigator

Language:PowerShellLicense:Apache-2.0Stargazers:602Issues:33Issues:13

sunburst_countermeasures

Language:YARALicense:BSD-2-ClauseStargazers:561Issues:116Issues:12

DueDLLigence

Language:C#License:Apache-2.0Stargazers:462Issues:19Issues:3

FIDL

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Language:PythonLicense:MITStargazers:443Issues:31Issues:12

flare-wmi

Language:C++License:Apache-2.0Stargazers:412Issues:60Issues:14

SimplifyGraph

IDA Pro plugin to assist with complex graphs

Language:C++License:Apache-2.0Stargazers:304Issues:25Issues:3

ShimCacheParser

Language:PythonLicense:Apache-2.0Stargazers:268Issues:35Issues:5

OfficePurge

Language:C#License:Apache-2.0Stargazers:257Issues:11Issues:1

ioc_writer

Language:PythonLicense:Apache-2.0Stargazers:199Issues:40Issues:5

flare-qdb

Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.

Language:PythonLicense:Apache-2.0Stargazers:163Issues:18Issues:15

thiri-notebook

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

Language:PythonLicense:Apache-2.0Stargazers:151Issues:10Issues:1

route-sixty-sink

Link sources to sinks in C# applications.

Language:C#License:Apache-2.0Stargazers:137Issues:4Issues:3

heyserial

Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types

Language:YARALicense:Apache-2.0Stargazers:134Issues:10Issues:0

flare-bytecode_graph

Language:PythonLicense:Apache-2.0Stargazers:83Issues:20Issues:1

goauditparser

Language:GoLicense:Apache-2.0Stargazers:42Issues:5Issues:1

apooxml

Generate YARA rules for OOXML documents.

Language:PythonLicense:Apache-2.0Stargazers:38Issues:5Issues:1

ARDvark

ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.

Language:PythonLicense:Apache-2.0Stargazers:34Issues:5Issues:0

pulsesecure_exploitation_countermeasures

Language:YARALicense:BSD-2-ClauseStargazers:23Issues:7Issues:4

siglib

Language:PythonLicense:Apache-2.0Stargazers:18Issues:6Issues:0

flare-gsoc-2023

Supporting resources and documentation for FLARE @ Google Summer of Code 2023

License:Apache-2.0Stargazers:13Issues:9Issues:0

vbScript_deobfuscator

Help deobfuscate VBScript

Language:VBALicense:Apache-2.0Stargazers:13Issues:3Issues:0

rpdebug_qnx

Language:PythonLicense:Apache-2.0Stargazers:12Issues:6Issues:1

mandiant_managed_hunting

Azure Deployment Templates for Mandiant Managed Huning

License:Apache-2.0Stargazers:10Issues:6Issues:0

yara

The pattern matching swiss knife

Language:CLicense:BSD-3-ClauseStargazers:1Issues:3Issues:0