SentinelLabs

Pinned Repositories

aevt_decompile
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
Language:Objective-C62 10 010
AlphaGolang
IDApython Scripts for Analyzing Golang Binaries
Language:Python567 17 163
Cl0p-ELF-Decryptor
Python3 script which decrypts files encrypted by flawed Cl0p ELF variant.
Language:Python15 2 02
log4j_response
Language:Python15 7 05
macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
Language:YARA39 2 02
Memloader
Memory Loader Open Source Project by Sentinel-Labs.
Language:C++20 5 211
PowerTrick
This is a repository for the public blog with Labs indicators of compromise and code
Language:PowerShell18 5 04
S1QL-Queries
50 14 011
SentinelLabs_RevCore_Tools
The Windows Malware Analysis Reversing Core Tools
Language:PowerShell88 8 222
XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
Language:YARA82 15 06

SentinelLabs's Repositories

SentineLabs/AlphaGolang
IDApython Scripts for Analyzing Golang Binaries
Language:Python567 17 163
SentineLabs/SentinelLabs_RevCore_Tools
The Windows Malware Analysis Reversing Core Tools
Language:PowerShell88 8 222
SentineLabs/XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
Language:YARA82 15 06
SentineLabs/aevt_decompile
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
Language:Objective-C62 10 010
SentineLabs/S1QL-Queries
50 14 011
SentineLabs/macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
Language:YARA39 2 02
SentineLabs/Memloader
Memory Loader Open Source Project by Sentinel-Labs.
Language:C++20 5 211
SentineLabs/PowerTrick
This is a repository for the public blog with Labs indicators of compromise and code
Language:PowerShell18 5 04
SentineLabs/Cl0p-ELF-Decryptor
Python3 script which decrypts files encrypted by flawed Cl0p ELF variant.
Language:Python15 2 02
SentineLabs/log4j_response
Language:Python15 7 05
SentineLabs/VTgrepGHIDRA
Language:Java12 2 02
SentineLabs/TrickBot-Anchor
This is a repository for the public blog with Labs indicators of compromise.
10 5 02
SentineLabs/aeon
Repository containing Aeon Timeline templates and example projects
7 2 01
SentineLabs/SolarWinds_Countermeasures
This tool is designed to identify processes, services, and drivers that SUNBURST attempts to identify on the victim's machine.
Language:C#5 7 01
SentineLabs/Gamaredon-APT
This is a collection of relevant indicators of compromise for the main blog.
4 3 02
SentineLabs/TrickBot-Deobfuscator
Code and data related to TrickBot-Deobfuscator blog
Language:Python4 4 03
SentineLabs/Yara
Public SentinelLabs Yara Rules
Language:YARA3 2 01
SentineLabs/aoqin_dragon
Language:Python2 2 00
SentineLabs/IOCs
A Collection of IOC's
2 6 00
SentineLabs/Shadowpad
Technical Indicators for SentinelLabs ShadowPad research
2 4 01
SentineLabs/Crypt1_IOCs
Massive unpacking of CryptOne samples
1 2 00
SentineLabs/meteor-express
Hashes and Yara hunting rules for MeteorExpress Wiper
Language:YARA1 5 01
SentineLabs/enumerate-macos-loginitems
Xcode Playground that will return a list of all installed applications for a user that use SMLoginItem API
0 2 00
SentineLabs/ZLoader-2021
IOCs for ZLoader Campaign 2021
0 5 00
SentineLabs/Gootloader-iocs-q1-2021
900 SHA1 Gootloader js loader hashes plus some of the most relevant lures with the embedded URLs used for the delivery of the payloads.
5 0
SentineLabs/hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
Language:Java
SentineLabs/MOVEit-IIS-Log-Scanner
A simple script to scan IIS logs for potential exploitation of MOVEit
Language:PowerShell
SentineLabs/r2pipe-stringdecoder
Language:Go