Pinned Repositories
KAPE-Automation
Lyman
Lyman’s purpose is to aid in the creation of .cstruct files. These files help parse OneDrive logs into their component fields, which can lead to better log decryption. By focusing on the data rather than on learning how to construct these files, it becomes easier to extract data that might otherwise be missed or misinterpreted.
ODEFiles
cstruct files are YAML-based files containing cstruct definitions. They act as a map for how a log entry should be parsed and eliminate garbage data that would otherwise pose a problem for de-obfuscation.
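The Lyman and ODEFiles descriptions above both describe definition-driven parsing: a declarative map says which bytes of a log entry are fields and which are filler to be skipped. The example below, added here and not code from Lyman, ODEFiles or OneDriveExplorer, demonstrates that idea with the Python standard library. The record layout (`LOG_ENTRY_DEF`), the field-type names (`u32`, `lpstr`, `skip:N`) and the sample records are invented for illustration; they are not the real OneDrive log format, whose structures live in the ODEFiles repository.

```python
"""Definition-driven parsing of constructed binary log records.

Added example, not code from Lyman, ODEFiles or OneDriveExplorer. The record
layout and the field-definition format are hypothetical; the real OneDrive
log structures are described by the .cstruct files in the ODEFiles repository.
"""
import struct
from typing import Any

# Hypothetical definition in the spirit of a cstruct file: an ordered list of
# (field name, type). Integers are little-endian fixed width, "lpstr" is a
# u32 length followed by that many UTF-8 bytes, and "skip:N" discards N bytes
# of filler that the parser should not surface as data.
LOG_ENTRY_DEF = [
    ("magic", "u32"),
    ("timestamp", "u64"),
    ("flags", "u32"),
    ("message", "lpstr"),
    ("padding", "skip:8"),
]

INT_FORMATS = {"u8": "<B", "u16": "<H", "u32": "<I", "u64": "<Q"}


def parse_entry(data: bytes, definition=LOG_ENTRY_DEF) -> tuple[dict[str, Any], int]:
    """Parse one record per `definition`; return (fields, bytes consumed)."""
    offset = 0
    fields: dict[str, Any] = {}
    for name, ftype in definition:
        if ftype in INT_FORMATS:
            fmt = INT_FORMATS[ftype]
            (fields[name],) = struct.unpack_from(fmt, data, offset)
            offset += struct.calcsize(fmt)
        elif ftype == "lpstr":
            (length,) = struct.unpack_from("<I", data, offset)
            offset += 4
            if length > len(data) - offset:
                # A corrupt or misaligned entry must not read past the buffer.
                raise ValueError(f"{name}: declared length {length} exceeds remaining data")
            fields[name] = data[offset:offset + length].decode("utf-8", errors="replace")
            offset += length
        elif ftype.startswith("skip:"):
            # Garbage/padding: advance the cursor, record nothing.
            offset += int(ftype.split(":", 1)[1])
        else:
            raise ValueError(f"unknown field type {ftype!r}")
    return fields, offset


def build_entry(timestamp: int, flags: int, message: str) -> bytes:
    """Construct a record matching LOG_ENTRY_DEF (test data, not a real log)."""
    msg = message.encode("utf-8")
    return (struct.pack("<IQI", 0x4C4F4731, timestamp, flags)
            + struct.pack("<I", len(msg)) + msg
            + b"\xde\xad\xbe\xef" * 2)  # 8 bytes of filler the definition skips


def parse_stream(data: bytes) -> list[dict[str, Any]]:
    """Parse back-to-back records until the buffer is exhausted."""
    entries = []
    offset = 0
    while offset < len(data):
        fields, used = parse_entry(data[offset:])
        entries.append(fields)
        offset += used
    return entries


if __name__ == "__main__":
    blob = build_entry(1_700_000_000, 1, "sync started") + build_entry(1_700_000_005, 2, "sync done")
    for entry in parse_stream(blob):
        print(entry)
```

Because the definition is data rather than code, changing the layout means editing the list, not the parser; that is the separation the Lyman description points at.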
OneDriveExplorer
OneDriveExplorer is a command-line and GUI-based application for reconstructing the folder structure of OneDrive from the <UserCid>.dat and <UserCid>.dat.previous files.
Personal-Vault-BEK
Script to automate saving OneDrive PersonalVault BEK file
ProcDOT-Plugins
Plugins to add functionality to ProcDOT. http://www.procdot.com
pystemon
Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon
Redline-Process-Tree-Report
Graphical representation of processes from Redline
SEPparser
Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.
walitean
Beercow's Repositories
Beercow/Redline-Process-Tree-Report
Graphical representation of processes from Redline
Beercow/pystemon
Monitoring tool for PasteBin-alike sites written in Python. Inspired by pastemon http://github.com/xme/pastemon
Beercow/pylnker
This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.
Beercow/WMI_Forensics
Beercow/AIL-framework
AIL framework - Analysis Information Leak framework
Beercow/berryio
Web Browser based control system for the RaspberryPi
Beercow/BloodHound
Six Degrees of Domain Admin
Beercow/Circlean
USB key cleaner
Beercow/CrazyParser
Parse URLCrazy and dnstwist output and compare against previous runs to identify new typosquatted domains.
Beercow/cryptowall
Cryptowall Tooling & Information
Beercow/cryptowall_v3
A repository of scripts and files related to the CryptoWall version 3 threat
Beercow/Download-IOCBucket
Python program to download IOCBucket.com IOC and YARA files
Beercow/ekdeco
Scripts for dealing with various exploit kits (EKs)
Beercow/ELAT
Event Log Analysis Tools
Beercow/eqgrp-free-file
Free sampling of files from the purported Equation Group hack.
Beercow/evolve
Web interface for the Volatility Memory Forensics Framework
Beercow/Forensics
Scripts and code referenced in CrowdStrike blog posts
Beercow/GithubDownloader
Find and download files from multiple Github repositories
Beercow/KeeThief
Methods for attacking KeePass 2.X databases, including extraction of encryption key material from memory.
Beercow/malicious-domain-profiling
Automatically exported from code.google.com/p/malicious-domain-profiling
Beercow/Malware
Course materials for Malware Analysis by RPISEC
Beercow/peframe
PEframe is an open-source tool to perform static analysis on (portable executable) malware.
Beercow/pinn
An enhanced Operating System installer for the Raspberry Pi
Beercow/Powershell
Container for powershell scripts
Beercow/qemu
qemu with Raspberry Pi 2 and Windows on ARM support
Beercow/qemu-rpi-kernel
Qemu kernel for emulating Rpi on QEMU
Beercow/ShimCacheParser
Beercow/sysmon-dfir
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Beercow/tcpflow
TCP/IP packet demultiplexer
Beercow/viper
Binary analysis framework