commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.

flare-vm
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.

capa
The FLARE team's open-source tool to identify capabilities in executable files.

flare-floss
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

red_team_tool_countermeasures

flare-ida
IDA Pro utilities from the FLARE team.

flare-fakenet-ng
FakeNet-NG - Next Generation Dynamic Network Analysis Tool.

speakeasy
Windows kernel and user mode emulation.

SharPersist

ThreatPursuit-VM
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting, designed for intel and malware analysts as well as threat hunters to get up and running quickly.

gocrack
GoCrack is a management frontend for password cracking tools, written in Go.

flare-emu

stringsifter
A machine learning tool that ranks strings based on their relevance for malware analysis.

SilkETW

Mandiant-Azure-AD-Investigator

Azure_Workshop

sunburst_countermeasures

Ghidrathon
The FLARE team's open-source extension to add Python 3 scripting to Ghidra.

capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs.

ReelPhish

iocs
FireEye Publicly Shared Indicators of Compromise (IOCs).

DueDLLigence

FIDL
A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research.

flare-wmi

GoReSym
Go symbol recovery tool.

rvmi
rVMI - A New Paradigm For Full System Analysis.

PwnAuth

idawasm
IDA Pro loader and processor modules for WebAssembly.

ADFSpoof

SimplifyGraph
IDA Pro plugin to assist with complex graphs.

STrace
A DTrace on Windows reimplementation.

ShimCacheParser

OfficePurge

msi-search

macos-UnifiedLogs

ioc_writer

GeoLogonalyzer
GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.

Vulnerability-Disclosures

flare-kscldr
FLARE Kernel Shellcode Loader.

flare-qdb
Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.

flare-dbg
flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.

thiri-notebook
The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

route-sixty-sink
Link sources to sinks in C# applications.

VM-Packages
Chocolatey packages supporting the analysis environment projects FLARE-VM and Commando VM.

heyserial
Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types.

dncil
The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.

flashmingo
Automatic analysis of SWF files based on some heuristics. Extensible via plugins.

Reversing

ioc-scanner-CVE-2019-19781
Indicator of Compromise Scanner for CVE-2019-19781.

flare-bytecode_graph

gocrack-ui
The User Interface for GoCrack.

Volatility-Plugins

unicorn-libemu-shim
libemu shim layer and win32 environment for Unicorn Engine.

citrix-ioc-scanner-cve-2023-3519

AuditParser
AuditParser.

remote_lookup
Resolves DLL API entrypoints for a process, with remote query capabilities.

synfulknock

SSSDKCMExtractor

jitm
JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.

goauditparser

capa-testfiles
Data to test capa's code and rules.

tf_rl_tutorial
Tutorial: Statistical Relational Learning with Google TensorFlow.

macOS-tools

apooxml
Generate YARA rules for OOXML documents.

gootloader
Collection of scripts used to deobfuscate GOOTLOADER malware samples.

pycommands
PyCommand scripts for Immunity Debugger.

vocab_scraper
Vocabulary Scraper script used in FLARE's analysis of Russian-language Carbanak source code.

ARDvark
ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.

rvmi-rekall
Rekall Forensics and Incident Response Framework with rVMI extensions.

gocat
Provides access to libhashcat.

ics_mem_collect

rvmi-qemu
QEMU with rVMI extensions.

IDA_Pro_VoiceAttack_profile

win10_auto

pulsesecure_exploitation_countermeasures

rvmi-kvm
Linux-KVM with rVMI extensions.

pivy-report
Poison Ivy Appendix/Extras.

siglib

DFUR-Splunk-App
The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.

vbScript_deobfuscator
Help deobfuscate VBScript.

flare-gsoc-2023
Supporting resources and documentation for FLARE @ Google Summer of Code 2023.

mandiant_managed_hunting
Azure Deployment Templates for Mandiant Managed Hunting.

flare-floss-testfiles
Resources for testing FLOSS by the FLARE team.

shelidate