commando-vm - Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
flare-vm - A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
capa - The FLARE team's open-source tool to identify capabilities in executable files.
flare-floss - FLARE Obfuscated String Solver: automatically extract obfuscated strings from malware.
red_team_tool_countermeasures
flare-ida - IDA Pro utilities from the FLARE team.
flare-fakenet-ng - FakeNet-NG: Next Generation Dynamic Network Analysis Tool.
speakeasy - Windows kernel and user mode emulation.
SharPersist
ThreatPursuit-VM - Threat Pursuit Virtual Machine (VM): a fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting, designed for intel and malware analysts as well as threat hunters to get up and running quickly.
gocrack - GoCrack is a management frontend for password cracking tools, written in Go.
flare-emu
stringsifter - A machine learning tool that ranks strings based on their relevance for malware analysis.
SilkETW
Mandiant-Azure-AD-Investigator
Azure_Workshop
sunburst_countermeasures
Ghidrathon - The FLARE team's open-source extension to add Python 3 scripting to Ghidra.
capa-rules - Standard collection of rules for capa, the tool for enumerating the capabilities of programs.
ReelPhish
iocs - FireEye publicly shared Indicators of Compromise (IOCs).
DueDLLigence
FIDL - A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research.
flare-wmi
GoReSym - Go symbol recovery tool.
rvmi - rVMI: A New Paradigm For Full System Analysis.
PwnAuth
idawasm - IDA Pro loader and processor modules for WebAssembly.
ADFSpoof
SimplifyGraph - IDA Pro plugin to assist with complex graphs.
STrace - A DTrace on Windows reimplementation.
ShimCacheParser
OfficePurge
msi-search
macos-UnifiedLogs
ioc_writer
GeoLogonalyzer - GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.
Vulnerability-Disclosures
flare-kscldr - FLARE Kernel Shellcode Loader.
flare-qdb - Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.
flare-dbg - flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.
thiri-notebook - The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.
route-sixty-sink - Link sources to sinks in C# applications.
VM-Packages - Chocolatey packages supporting the analysis environment projects FLARE-VM and Commando VM.
heyserial - Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types.
dncil - The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
flashmingo - Automatic analysis of SWF files based on some heuristics. Extensible via plugins.
Reversing
ioc-scanner-CVE-2019-19781 - Indicator of Compromise scanner for CVE-2019-19781.
flare-bytecode_graph
gocrack-ui - The user interface for GoCrack.
Volatility-Plugins
unicorn-libemu-shim - libemu shim layer and win32 environment for Unicorn Engine.
citrix-ioc-scanner-cve-2023-3519
AuditParser - AuditParser.
remote_lookup - Resolves DLL API entrypoints for a process, with remote query capabilities.
synfulknock
SSSDKCMExtractor
jitm - JITM is an automated tool to bypass the JIT hooking protection on a .NET sample.
goauditparser
capa-testfiles - Data to test capa's code and rules.
tf_rl_tutorial - Tutorial: Statistical Relational Learning with Google TensorFlow.
macOS-tools
apooxml - Generate YARA rules for OOXML documents.
gootloader - Collection of scripts used to deobfuscate GOOTLOADER malware samples.
pycommands - PyCommand scripts for Immunity Debugger.
ARDvark - ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
rvmi-rekall - Rekall Forensics and Incident Response Framework with rVMI extensions.
gocat - Provides access to libhashcat.
ics_mem_collect
rvmi-qemu - QEMU with rVMI extensions.
IDA_Pro_VoiceAttack_profile
win10_auto
pulsesecure_exploitation_countermeasures
rvmi-kvm - Linux-KVM with rVMI extensions.
pivy-report - Poison Ivy appendix/extras.
siglib
DFUR-Splunk-App - The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.
vbScript_deobfuscator - Helps deobfuscate VBScript.
flare-gsoc-2023 - Supporting resources and documentation for FLARE @ Google Summer of Code 2023.
rpdebug_qnx
mandiant_managed_hunting - Azure deployment templates for Mandiant Managed Hunting.
flare-floss-testfiles - Resources for testing FLOSS by the FLARE team.
shelidate