scudette

@Velocidex Australia

Pinned Repositories

grr
GRR Rapid Response: remote live forensics for incident response
Language:Python6 4 00
memory-analysis
A Rekall interactive document for a Memory Analysis workshop/course.
Language:HTML43 6 28
rekall-agent-server
Rekall is an endpoint security solution.
Language:Python39 8 1110
velociraptor
Velociraptor hunts for evil...
Language:Go5 2 00
eql2vql
Transform EQL detection rules to VQL artifacts
Language:Python10 5 03
evtx-data
Publicly shareable windows event log message data
27 6 04
go-prefetch
A golang implementation of a prefetch parser.
Language:Go19 3 33
oleparse
Golang parser for OLE files
Language:Go31 5 24
vtypes
VTypes is a data driven binary parsing system in Go.
Language:Go10 4 03

scudette's Repositories

scudette/velociraptor
Velociraptor hunts for evil...
Language:Go5 2 00
scudette/awesome-incident-response
A curated list of tools for incident response
2 1 01
scudette/Audit
Collection of Audit and Compliance related VQL artifacts
Language:Go1 0 0
scudette/http-logging-proxy
Language:Go1 0 01
scudette/sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
Language:C#1 0 0
scudette/WinPmem
The multi-platform memory acquisition tool.
Language:C1 0 0
scudette/aff4
The Advanced Forensic File Format. NOTE: This project has been split into C and Python projects and moved to https://github.com/aff4/pyaff4 and https://github.com/Velocidex/c-aff4
Language:C++1 0
scudette/archiver
Language:Go1 0
scudette/assert
A simple assertion library using Go generics
Language:Go0 0
scudette/blackfriday
Blackfriday: a markdown processor for Go
Language:Go1 0
scudette/DFIRArtifactMuseum
The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifact validation processes as well as increase access to artifacts that may no longer be readily available anymore.
Language:HTML1 0
scudette/eql
Language:Python1 0
scudette/eqllib
Language:Python1 0
scudette/etw
Go library for ETW (Event Tracing for Windows) events processing
Language:Go1 0
scudette/etw-providers-docs
Document ETW providers
Language:C1 0
scudette/evtx
Golang Parser for Microsoft Event Logs
Language:Go1 0
scudette/EVTX-ATTACK-SAMPLES
Windows Events Samples
Language:PowerShell1 0
scudette/Extensible-Storage-Engine
Language:C++0 0
scudette/fb-util-for-appx
Create .appx files.
Language:C++0 0
scudette/go-ese
Go implementation of an Extensible Storage Engine parser
Language:Go
scudette/go-libaudit
go-libaudit is a library for communicating with the Linux Audit Framework.
Language:Go1 0
scudette/impacket
Impacket is a collection of Python classes for working with network protocols.
Language:Python1 0
scudette/pywintrace
ETW Python Library
Language:Python1 0
scudette/restic
Fast, secure, efficient backup program
Language:Go2 0
scudette/RustyUsn
USN to JSON
Language:Rust1 0
scudette/sigma-go
A Go implementation and parser for Sigma rules.
Language:Go0 0
scudette/tccprofile
Creates a TCC profile for new Privacy Payloads in macOS Mojave
Language:Python1 0
scudette/ttlcache
An in-memory string-interface{} map with various expiration options for golang
Language:Go1 0
scudette/velociraptor-docs
Documentation site for Velociraptor
Language:HTML1 0
scudette/winreg-kb
Windows Registry Knowledge Base
Language:Python1 0