unic0rn-team

unic0rn-team.github.io

slides

blog

capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs

capa

The FLARE team's open-source tool to identify capabilities in executable files.

flare-floss

FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.

capa-testfiles

speakeasy

Windows kernel and user mode emulation.

flare-vm

flare-ida

IDA Pro utilities from FLARE team

BitsParser

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com

red_team_tool_countermeasures

sunburst_countermeasures

OfficePurge

flare-fakenet-ng

[Suspended] FakeNet-NG - Next Generation Dynamic Network Analysis Tool

ThreatPursuit-VM

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

safe-mail

safe-mail is a Docker service to help security teams safely interact with msg, eml, and documents

malwoverview

Malwoverview is a first response tool to perform an initial and quick triage in a directory containing malware samples, specific malware sample, suspect URL and domains. Additionally, it allows to download and send samples to main online sandboxes.

ADFSDump

SharPersist

win10_volatility

An advanced memory forensics framework

win10_auto

formation-IR

ADFSpoof

docker

cyber-chef-recipes

A list of cyber-chef recipes

MindHacks

flare-wmi