rpochron

followers

following

stars

Reedo's starred repositories

awesome-threat-intelligence

A curated list of Awesome Threat Intelligence resources

Apache-2.08062 562 31

Malware

Course materials for Malware Analysis by RPISEC

flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Language:PythonApache-2.03245 132 479

DeepBlueCLI

Language:PowerShellGPL-3.02185 129 15

php-malware-finder

Detect potentially malicious PHP files

Language:PHPLGPL-3.01469 75 88

intelmq

IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol.

Language:PythonAGPL-3.0975 77 1224

Kam1n0-Community

The Kam1n0 Assembly Analysis Platform

Language:CApache-2.0615 51 48

DIE

Dynamic IDA Enrichment

Language:PythonMIT468 44 23

Shell-Detector

Shell Detector – is a application that helps you find and identify php/cgi(perl)/asp/aspx shells. Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.

Language:Python402 37 15

cuckoo-modified

Modified edition of cuckoo

Language:Python394 72 352

CDQR

The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted drives and extracted artifacts from Windows, Linux, MacOS, and Android devices

Language:PythonGPL-3.0333 30 26

DC3-MWCP

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, filenames, and mutex names.

Language:PythonNOASSERTION299 43 20

LoadDll

Better version of RunDll with GUI. This program allows you to load DLLs on Windows. You can select how to load the DLL. By direct Entry Point call (DllMain) or if you want to call directly an exported function of the DLL.

Language:Assembly233 30 5

SysAnalyzer

Automated malcode analysis system - read more ->

Language:Visual Basic 6.0222 28 6

elsa

Enterprise Log Search and Archive

Language:PerlGPL-2.0207 40 37

Malfunction

Malware Analysis Tool using Function Level Fuzzy Hashing

Language:PythonLGPL-2.1191 26 4

osq-ext-bin

Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection

Language:PowerShellNOASSERTION180 14 11

plaso_filters

Scripts to facilitate filtering with Plaso

GithubDownloader

Find and download files from multiple Github repositories

Language:PythonMIT99 26 2

ip2geo

Script to perform bulk local GeoIP lookups (ASN and geo) for IP addresses

Language:Python98 15 2

Volatility-Plugins

Language:Python82 280

ntfs-linker

An NTFS journal parser

Language:C++LGPL-3.082 19 1

r2-scripts

Multiple radare2 rpipe scripts

Language:JavaScriptLGPL-3.061 10 2

CIS-ESP

The Center for Internet Security Enumeration and Scanning Program

Language:PythonApache-2.058 180

vim-log-syntax

Vim syntax for log highlighting

Language:VimL55 3 3

tools

Various tools and scripts

Language:PythonMIT43 50

evtx2json

evtx2json extracts events of interest from event logs, dedups them, and exports them to json.

Language:PythonApache-2.041 6 2

YaraRules

Multiple rules for yara-project for detect compiler/packer/protector

Language:YARA33 130

nyx

Threat Intelligence distribution

Language:PythonMIT30 9 2

Google-Analytic-Parser

Parses for Google Analytic values in raw files like RAM, DD images etc.

Language:Python18 20