- flare-vm: A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM. [PowerShell, ★ 8.8k, updated 2d ago]
- commando-vm: Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [PowerShell, ★ 7.7k, updated 8mo ago]
- capa: The FLARE team's open-source tool to identify capabilities in executable files. [Python, ★ 6.1k, updated 1d ago]
- flare-floss: FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware. [Python, ★ 4.1k, updated 2d ago]
- red_team_tool_countermeasures ▣: No description. [YARA, ★ 2.7k, updated 2y ago]
- flare-ida ▣: IDA Pro utilities from the FLARE team. [Python, ★ 2.5k, updated 1y ago]
- flare-fakenet-ng: FakeNet-NG - Next Generation Dynamic Network Analysis Tool. [Python, ★ 2.1k, updated 23d ago]
- speakeasy: Windows kernel and user mode emulation. [Python, ★ 2.0k, updated 1d ago]
- SharPersist ▣: No description. [C#, ★ 1.5k, updated 2y ago]
- ThreatPursuit-VM ▣: Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting, designed for intel and malware analysts as well as threat hunters to get up and running quickly. [PowerShell, ★ 1.3k, updated 3y ago]
- gocrack: GoCrack is a management frontend for password cracking tools, written in Go. [Go, ★ 1.3k, updated 7mo ago]
- flare-learning-hub: Free educational content on reverse engineering and malware analysis from the FLARE team. [JavaScript, ★ 1.2k, updated 2mo ago]
- GoReSym: Go symbol recovery tool. [Go, ★ 1.0k, updated 19d ago]
- flare-emu: No description. [Python, ★ 956, updated 10mo ago]
- SilkETW ▣: No description. [C#, ★ 845, updated 3y ago]
- Ghidrathon ▣: The FLARE team's open-source extension to add Python 3 scripting to Ghidra. [Java, ★ 786, updated 2y ago]
- stringsifter: A machine learning tool that ranks strings based on their relevance for malware analysis. [Python, ★ 757, updated 3mo ago]
- capa-rules: Standard collection of rules for capa, the tool for enumerating the capabilities of programs. [★ 722, updated 1d ago]
- gopacket: Gopacket is a clean Go implementation of Impacket, a library intended for working with network protocols. [Go, ★ 677, updated 12d ago]
- Mandiant-Azure-AD-Investigator ▣: No description. [PowerShell, ★ 648, updated 3y ago]
- Azure_Workshop ▣: No description. [HCL, ★ 614, updated 3y ago]
- sunburst_countermeasures ▣: No description. [YARA, ★ 563, updated 3y ago]
- ReelPhish ▣: No description. [Python, ★ 524, updated 2y ago]
- DueDLLigence ▣: No description. [C#, ★ 484, updated 3y ago]
- iocs ▣: FireEye Publicly Shared Indicators of Compromise (IOCs). [★ 470, updated 7y ago]
- FIDL ▣: A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research. [Python, ★ 465, updated 3y ago]
- flare-wmi ▣: No description. [C++, ★ 434, updated 3y ago]
- ADFSpoof: No description. [Python, ★ 418, updated 4d ago]
- PwnAuth: No description. [Python, ★ 401, updated 1mo ago]
- ADFSDump ▣: No description. [C#, ★ 385, updated 2y ago]
- STrace: A DTrace on Windows reimplementation. [C++, ★ 374, updated 23d ago]
- idawasm ▣: IDA Pro loader and processor modules for WebAssembly. [Python, ★ 372, updated 7y ago]
- macos-UnifiedLogs: A cross-platform parser for Apple UnifiedLogs. [Rust, ★ 360, updated 11d ago]
- rvmi ▣: rVMI - A New Paradigm For Full System Analysis. [C, ★ 359, updated 8y ago]
- SimplifyGraph ▣: IDA Pro plugin to assist with complex graphs. [C++, ★ 321, updated 3y ago]
- xrefer: FLARE Team's Binary Navigator. [Python, ★ 319, updated 9d ago]
- msi-search ▣: No description. [C, ★ 291, updated 2y ago]
- ShimCacheParser ▣: No description. [Python, ★ 279, updated 3y ago]
- OfficePurge ▣: No description. [C#, ★ 263, updated 3y ago]
- VM-Packages: Chocolatey packages supporting the analysis environment projects FLARE-VM and Commando VM. [PowerShell, ★ 234, updated 2d ago]
- ccmpwn ▣: No description. [Python, ★ 221, updated 2y ago]
- Vulnerability-Disclosures: No description. [C++, ★ 218, updated 25d ago]
- ioc_writer ▣: No description. [Python, ★ 208, updated 3y ago]
- GeoLogonalyzer ▣: GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources. [Python, ★ 197, updated 1y ago]
- gostringungarbler ▣: Python tool to resolve all strings in Go binaries obfuscated by garble. [Python, ★ 193, updated 1y ago]
- cleanldap: No description. [C, ★ 190, updated 8mo ago]
- dncil: The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions. [Python, ★ 176, updated 5d ago]
- flare-kscldr ▣: FLARE Kernel Shellcode Loader. [C, ★ 175, updated 7y ago]
- flare-qdb ▣: Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux. [Python, ★ 164, updated 3y ago]
- harbinger: No description. [Python, ★ 156, updated 21h ago]
- thiri-notebook ▣: The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules. [Python, ★ 154, updated 4y ago]
- route-sixty-sink ▣: Link sources to sinks in C# applications. [C#, ★ 151, updated 3y ago]
- flare-dbg ▣: flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts. [Python, ★ 149, updated 8y ago]
- heyserial ▣: Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types. [YARA, ★ 142, updated 3y ago]
- flashmingo ▣: Automatic analysis of SWF files based on some heuristics. Extensible via plugins. [Python, ★ 120, updated 7y ago]
- Reversing ▣: No description. [★ 108, updated 9y ago]
- win10_volatility ⑂ ▣: An advanced memory forensics framework. [Python, ★ 95, updated 6y ago]
- ioc-scanner-CVE-2019-19781 ▣: Indicator of Compromise Scanner for CVE-2019-19781. [Shell, ★ 94, updated 6y ago]
- gocrack-ui: The User Interface for GoCrack. [Vue, ★ 91, updated 10d ago]
- brickstorm-scanner: No description. [Shell, ★ 88, updated 7mo ago]
- flare-bytecode_graph ▣: No description. [Python, ★ 85, updated 3y ago]
- Volatility-Plugins ▣: No description. [Python, ★ 84, updated 10y ago]
- poisonplug-scatterbrain ▣: Deobfuscation library for PoisonPlug.SHADOW's ScatterBrain obfuscator. [Python, ★ 83, updated 1y ago]
- gootloader: Collection of scripts used to deobfuscate GOOTLOADER malware samples. [Python, ★ 80, updated 5mo ago]
- unicorn-libemu-shim ▣: libemu shim layer and win32 environment for Unicorn Engine. [C++, ★ 73, updated 9y ago]
- citrix-ioc-scanner-cve-2023-3519 ▣: No description. [Shell, ★ 65, updated 2y ago]
- SSSDKCMExtractor ▣: No description. [Python, ★ 61, updated 2y ago]
- AuditParser ▣: AuditParser. [Python, ★ 60, updated 12y ago]
- remote_lookup ▣: Resolves DLL API entrypoints for a process with remote query capabilities. [Visual Basic, ★ 58, updated 9y ago]
- jitm ▣: JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample. [C++, ★ 57, updated 5y ago]
- flare-gsoc: Supporting resources and documentation for FLARE @ Google Summer of Code 2026. [★ 53, updated 4mo ago]
- capa-testfiles: Data to test capa's code and rules. [Max, ★ 49, updated 10d ago]
- synfulknock ▣: No description. [Lua, ★ 49, updated 10y ago]
- goauditparser ▣: No description. [Go, ★ 46, updated 3y ago]
- macOS-tools ▣: No description. [Python, ★ 44, updated 9y ago]
- tf_rl_tutorial ▣: Tutorial: Statistical Relational Learning with Google TensorFlow. [Jupyter Notebook, ★ 40, updated 10y ago]
- vocab_scraper ▣: Vocabulary Scraper script used in FLARE's analysis of Russian-language Carbanak source code. [Python, ★ 38, updated 7y ago]
- apooxml ▣: Generate YARA rules for OOXML documents. [Python, ★ 38, updated 3y ago]
- pycommands ▣: PyCommand Scripts for Immunity Debugger. [Python, ★ 37, updated 12y ago]
- win10_rekall ⑂ ▣: Rekall Memory Forensic Framework. [Python, ★ 36, updated 6y ago]
- ARDvark ▣: ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings. [Python, ★ 36, updated 3y ago]
- rvmi-rekall ▣: Rekall Forensics and Incident Response Framework with rVMI extensions. [Python, ★ 33, updated 5y ago]
- ics_mem_collect ▣: No description. [Python, ★ 31, updated 9y ago]
- gocat ▣: Provides access to libhashcat. [Go, ★ 30, updated 2y ago]
- siglib ▣: No description. [Python, ★ 26, updated 5y ago]
- IDA_Pro_VoiceAttack_profile ▣: No description. [Python, ★ 26, updated 6y ago]
- rvmi-qemu ▣: QEMU with rVMI extensions. [C, ★ 25, updated 9y ago]
- win10_auto ▣: No description. [Python, ★ 24, updated 6y ago]
- vivisect ⑂ ▣: Pure Python binary analysis framework. [Python, ★ 23, updated 7y ago]
- pulsesecure_exploitation_countermeasures ▣: No description. [YARA, ★ 23, updated 3y ago]
- rvmi-kvm ▣: Linux-KVM with rVMI extensions. [C, ★ 22, updated 8y ago]
- vbScript_deobfuscator ▣: Help deobfuscate VBScript. [VBA, ★ 18, updated 4y ago]
- pivy-report ▣: Poison Ivy Appendix/Extras. [★ 18, updated 13y ago]
- flare-gsoc-2023 ▣: Supporting resources and documentation for FLARE @ Google Summer of Code 2023. [★ 16, updated 3y ago]
- rpdebug_qnx ▣: No description. [Python, ★ 14, updated 3y ago]
- vcsa-hardening-tool: Automated Zero Trust hardening and forensic auditing for VMware vCenter Server Appliance (VCSA). [Shell, ★ 13, updated 2mo ago]
- DFUR-Splunk-App ▣: The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit. [★ 13, updated 5y ago]
- mandiant_managed_hunting ▣: Azure Deployment Templates for Mandiant Managed Hunting. [★ 12, updated 3y ago]
- shelidate ▣: No description. [Go, ★ 11, updated 1y ago]
- flare-floss-testfiles: Resources for testing FLOSS by the FLARE team. [C, ★ 7, updated 10d ago]
- yara ⑂ ▣: The pattern matching swiss knife. [C, ★ 4, updated 3y ago]
- vsphere-cloud-plugin ⑂ ▣: No description. [Java, ★ 2, updated 12y ago]
- vrt-sdk: No description. [Python, ★ 1, updated 6mo ago]
- vrt-auto: No description. [Python, ★ 1, updated 9mo ago]