gleeda

Core Developer for the @volatilityfoundation | Director of R&D for @huntresslabs | Overall DFIR enthusiast.

@volatilityfoundation @huntresslabs

Pinned Repositories

BoomBox
Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
Language:PowerShell2 0 00
capa
The FLARE team's open-source tool to identify capabilities in executable files.
Language:Python2 0 00
gleeda.github.com
Language:HTML3 3 01
malboxes
Builds malware analysis Windows VMs so that you don't have to.
Language:Python2 0 00
memtriage
Allows you to quickly query a Windows machine for RAM artifacts
Language:Python218 16 225
misc-scripts
misc scripts
Language:Python36 6 011
openpyxl
clone of openpyxl
Language:Python3 2 01
Vol-TODO
3 1 00
Volatility-Plugins
Plugins for the most recent branch of Volatility
Language:Python19 4 01
volatility-sqlite
volatility sqlite
Language:Python3 2 02

gleeda's Repositories

gleeda/memtriage
Allows you to quickly query a Windows machine for RAM artifacts
Language:Python218 16 225
gleeda/misc-scripts
misc scripts
Language:Python36 6 011
gleeda/gleeda.github.com
Language:HTML3 3 01
gleeda/openpyxl
clone of openpyxl
Language:Python3 2 01
gleeda/Vol-TODO
3 1 00
gleeda/BoomBox
Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant
Language:PowerShell2 0 00
gleeda/capa
The FLARE team's open-source tool to identify capabilities in executable files.
Language:Python2 0 00
gleeda/malboxes
Builds malware analysis Windows VMs so that you don't have to.
Language:Python2 0 00
gleeda/epa-climate-change
1 1 0
gleeda/flare-floss
FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.
Language:Python1 1 0
gleeda/gargoyle
A memory scanning evasion technique
Language:C++1 1 0
gleeda/Mirai-Source-Code
Leaked Mirai Source Code for Research/IoC Development Purposes
Language:C1 1 0
gleeda/RDP-Replay
Replay RDP traffic from PCAP
Language:C1 1 01
gleeda/subTee-gits-backups
subTee gists code backups
Language:C#1 1 01
gleeda/virtual-reality
Stealthy backdoor for Windows operating systems
Language:C1 1 0
gleeda/volatility
An advanced memory forensics framework
Language:Python1 0 0
gleeda/block-parser
Parser for Windows PowerShell script block logs
Language:Python1 0
gleeda/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
0 0
gleeda/climate
Language:HTML1 01
gleeda/Content-IRPowerForensics
PowerForensics provides an all in one platform for live disk forensic analysis
Language:C#2 0
gleeda/distorm
Powerful Disassembler Library For x86/AMD64
Language:C1 0
gleeda/flare-wmi
Language:C++1 0
gleeda/LiME
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.
Language:C1 0
gleeda/osx-vm-templates
macOS templates for Packer and VeeWee.
Language:Shell1 0
gleeda/presentations
1 0
gleeda/python-pachyderm
Python client for Pachyderm
Language:Python1 0
gleeda/ssh-chat
Chat over SSH.
Language:Go0 0
gleeda/syncthing
Open Source Continuous File Synchronization
Language:Go1 0
gleeda/unicorn
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)
Language:C1 0
gleeda/WSL2-Linux-Kernel
The source for the Linux kernel used in Windows Subsystem for Linux 2 (WSL2)
Language:C0 0