Pinned Repositories
aevt_decompile
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
AlphaGolang
IDApython Scripts for Analyzing Golang Binaries
Cl0p-ELF-Decryptor
Python3 script that decrypts files encrypted by a flawed Cl0p ELF variant.
log4j_response
macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
Memloader
Memory Loader Open Source Project by Sentinel-Labs.
PowerTrick
Repository accompanying the public SentinelLabs blog post, with indicators of compromise and code.
S1QL-Queries
SentinelLabs_RevCore_Tools
The Windows Malware Analysis Reversing Core Tools
XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
SentinelLabs's Repositories
SentineLabs/AlphaGolang
IDApython Scripts for Analyzing Golang Binaries
SentineLabs/SentinelLabs_RevCore_Tools
The Windows Malware Analysis Reversing Core Tools
SentineLabs/XProtect-Malware-Families
Mapping XProtect's obfuscated malware family names to common industry names.
SentineLabs/aevt_decompile
This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembler.py into something more human-readable.
SentineLabs/S1QL-Queries
SentineLabs/macos-ttps-yara
A ruleset to find potentially malicious code in macOS malware samples
SentineLabs/Memloader
Memory Loader Open Source Project by Sentinel-Labs.
SentineLabs/PowerTrick
Repository accompanying the public SentinelLabs blog post, with indicators of compromise and code.
SentineLabs/Cl0p-ELF-Decryptor
Python3 script that decrypts files encrypted by a flawed Cl0p ELF variant.
SentineLabs/log4j_response
SentineLabs/VTgrepGHIDRA
SentineLabs/TrickBot-Anchor
Repository accompanying the public SentinelLabs blog post, with indicators of compromise.
SentineLabs/aeon
Repository containing Aeon Timeline templates and example projects
SentineLabs/SolarWinds_Countermeasures
This tool identifies the processes, services, and drivers that SUNBURST checks for on the victim's machine.
SentineLabs/Gamaredon-APT
A collection of the relevant indicators of compromise for the main blog post.
SentineLabs/TrickBot-Deobfuscator
Code and data related to TrickBot-Deobfuscator blog
SentineLabs/Yara
Public SentinelLabs Yara Rules
SentineLabs/aoqin_dragon
SentineLabs/IOCs
A collection of IOCs
SentineLabs/Shadowpad
Technical Indicators for SentinelLabs ShadowPad research
SentineLabs/Crypt1_IOCs
IOCs from bulk unpacking of CryptOne samples
SentineLabs/meteor-express
Hashes and Yara hunting rules for MeteorExpress Wiper
SentineLabs/enumerate-macos-loginitems
Xcode Playground that returns a list of all applications installed for a user that use the SMLoginItem API
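The same enumeration can be done from the filesystem alone, because the SMLoginItem API requires the helper to be bundled at Contents/Library/LoginItems inside the parent app. The script below is an added example, not the enumerate-macos-loginitems Playground; it walks that path under a set of roots, reads each helper's CFBundleIdentifier, and ships with a constructed fixture tree (the com.example bundle IDs are made up) so it runs on any OS.

```python
"""Find installed apps that carry an SMLoginItem helper (added example).

SMLoginItemSetEnabled only works for a helper bundle located at
<App>.app/Contents/Library/LoginItems/<Helper>.app, so the presence of that
directory is the on-disk contract to look for. Apps outside the scanned roots
are not covered; extend ROOTS for other install locations.
"""
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

LOGIN_ITEMS_SUBPATH = Path("Contents/Library/LoginItems")
ROOTS = [Path("/Applications"), Path("~/Applications")]


def bundle_id(app: Path) -> str:
    """Return CFBundleIdentifier from the bundle's Info.plist, or '' if unreadable."""
    info = app / "Contents" / "Info.plist"
    if not info.is_file():
        return ""
    try:
        with info.open("rb") as fh:
            return str(plistlib.load(fh).get("CFBundleIdentifier", ""))
    except (plistlib.InvalidFileException, ValueError):
        return ""


def find_login_item_helpers(roots: Iterable[Path]) -> Dict[str, List[str]]:
    """Map each app bundle name to the bundle IDs (or names) of its LoginItems helpers.

    Apps without a .app under Contents/Library/LoginItems are omitted.
    """
    found: Dict[str, List[str]] = {}
    for root in roots:
        root = Path(root).expanduser()
        if not root.is_dir():
            continue
        for app in sorted(root.glob("*.app")):
            helpers = sorted((app / LOGIN_ITEMS_SUBPATH).glob("*.app"))
            if helpers:
                found[app.name] = [bundle_id(h) or h.name for h in helpers]
    return found


def _write_bundle(path: Path, bid: str) -> None:
    """Create a minimal app bundle skeleton with an Info.plist (fixture only)."""
    (path / "Contents").mkdir(parents=True, exist_ok=True)
    with (path / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bid}, fh)


def build_fixture() -> Path:
    """Constructed sample tree standing in for /Applications; not real apps."""
    root = Path(tempfile.mkdtemp(prefix="loginitems-"))
    _write_bundle(root / "Plain.app", "com.example.plain")
    agent = root / "WithAgent.app"
    _write_bundle(agent, "com.example.withagent")
    _write_bundle(agent / LOGIN_ITEMS_SUBPATH / "AgentHelper.app",
                  "com.example.withagent.helper")
    return root


if __name__ == "__main__":
    for label, roots in (("constructed fixture", [build_fixture()]),
                         ("this machine", ROOTS)):
        print(f"[{label}]")
        for app, helpers in find_login_item_helpers(roots).items():
            print(f"  {app}: {', '.join(helpers)}")
```

Run it on a Mac and compare the output against what the Playground reports; a helper that appears here but is not registered as a login item is still worth a look, since any of these apps can enable one without further user interaction.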
SentineLabs/ZLoader-2021
IOCs for ZLoader Campaign 2021
SentineLabs/Gootloader-iocs-q1-2021
900 SHA1 hashes of Gootloader JS loaders, plus some of the most relevant lures with the embedded URLs used to deliver the payloads.
SentineLabs/hotpatch-for-apache-log4j2
An agent to hotpatch the log4j RCE from CVE-2021-44228.
SentineLabs/MOVEit-IIS-Log-Scanner
A simple script to scan IIS logs for potential exploitation of MOVEit
SentineLabs/r2pipe-stringdecoder