airbus-cert/PSTrace

Stars
39
Rank 690,429 (Top 14 %)
Language
C
License
Apache License 2.0
Created almost 5 years ago
Updated over 4 years ago

airbus-cert/PSTrace

airbus-cert

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Trace ScriptBlock execution for powershell v2

ttddbg

Time Travel Debugging IDA plugin

Winshark

A wireshark plugin to instrument ETW

Yagi

Yet Another Ghidra Integration for IDA

Invoke-Bof

Load any Beacon Object File using Powershell!

comida

An IDA Plugin that help analyzing module that use COM

regrippy

A modern Python-3-based alternative to RegRipper

etl-parser

Event Trace Log file parser in pure Python

yara-ttd

Use YARA rules on Time Travel Debugging traces

vbSparkle

VBScript & VBA source-to-source deobfuscator with partial-evaluation

ntTraceControl

Powershell Event Tracing Toolbox

CVE-2024-4040

Scanner for CVE-2024-4040

etwbreaker

An IDA plugin to deal with Event Tracing for Windows (ETW)

minusone

Powershell Linter

tree-sitter-powershell

Powershell grammar for tree-sitter

dnYara

A multi-platform .Net wrapper library for the native Yara library.

timeliner

A rewrite of mactime, a bodyfile reader

Splunk-ETW

A Splunk Technology Add-on to forward filtered ETW events.

cacdec

The hidden mstsc recorder player

ttd2mdmp

Extract data of TTD trace file to a minidump

dirtypipe-ebpf_detection

An eBPF detection program for CVE-2022-0847

mispy

Another MISP module for Python

mispgo

Golang library for MISP

usnrs

USN Journal parsing software and library

bodyfile

A bodyfile parsing library

nix-forensics

Reproducible forensics environment, 100% of the time

skyblue.team