  • Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.

    Python 61 12 Apache-2.0 Updated Aug 11, 2018
  • C++ 228 54 Apache-2.0 Updated Jul 23, 2018
  • PowerShell 735 128 Apache-2.0 Updated Jul 10, 2018
  • FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.

    Python 1,035 186 Apache-2.0 Updated Jul 9, 2018
  • ETW Python Library

    Python 87 15 Apache-2.0 Updated Jul 6, 2018
  • FakeNet-NG - Next Generation Dynamic Network Analysis Tool

    Python 713 165 Apache-2.0 Updated Jun 28, 2018
  • GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.

    Python 122 21 Updated Jun 3, 2018
  • Python 106 15 Apache-2.0 Updated May 21, 2018
  • The User Interface for GoCrack

    Vue 28 18 MIT Updated May 2, 2018
  • GoCrack is a management frontend for password cracking tools written in Go

    Go 726 160 MIT Updated May 2, 2018
  • FLARE Kernel Shellcode Loader

    C 44 16 Apache-2.0 Updated Apr 23, 2018
  • IDA Pro utilities from FLARE team

    Python 718 234 Apache-2.0 Updated Mar 31, 2018
  • Python 294 60 GPL-3.0 Updated Feb 7, 2018
  • Rekall Forensics and Incident Response Framework with rVMI extensions

    Python 13 4 GPL-2.0 Updated Feb 6, 2018
  • IDA Pro plugin to assist with complex graphs

    C++ 145 20 Apache-2.0 Updated Jan 29, 2018
  • Bro PCAP Processing and Tagging API

    Python 20 1 Apache-2.0 Updated Nov 9, 2017
  • flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.

    Python 112 35 Updated Oct 5, 2017
  • rVMI - A New Paradigm For Full System Analysis

    C 282 40 GPL-2.0 Updated Oct 4, 2017
  • Linux-KVM with rVMI extensions

    C 10 7 Updated Aug 28, 2017
  • QEMU with rVMI extensions

    C 14 5 Updated Jul 25, 2017
  • Resolves DLL API entrypoints for a process w/ remote query capabilities.

    Visual Basic 47 13 Updated Jun 23, 2017
  • SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.

    PowerShell 362 76 Updated May 17, 2017
  • libemu shim layer and win32 environment for Unicorn Engine

    C++ 40 10 Updated Apr 14, 2017
  • Python 9 7 Updated Feb 27, 2017
  • Python 9 1 Updated Feb 15, 2017
  • A Coq Library for Efficiently Executable Sets

    HTML 1 3 LGPL-2.1 Updated Nov 26, 2016
  • Python 48 16 Apache-2.0 Updated Oct 17, 2016
  • Python 47 16 Updated Jul 5, 2016
  • FireEye Publicly Shared Indicators of Compromise (IOCs)

    304 73 Apache-2.0 Updated Jun 2, 2016
  • JavaScript 1 2 Updated May 17, 2016