DFIQ is a collection of investigative questions and the approaches for answering them

Remote access and Antivirus Logging Database

Repository of Yara Rules

A curated collection of DFIR skills and workflows for InfoSec practitioners.

Your Browser-based EVTX Companion

Powerful menu bar manager for macOS

Matkap - hunt down malicious Telegram bots

Make Abe yell at stuff!

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Powershell Linter

RegRipper3.0

DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, fi…

GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the function symbols of an obfuscated Go binary.

reverse engineering of Hyundai Ioniq (classic, production 2018)

Firmware tools for Mobis Gen5 navigation

A completely unnecessary and arguably irresponsible way to store files in the Windows Event Log.

This is the latest version of the internal repository from Pebble Technology providing the software to run on Pebble watches. Proprietary source code has been removed from this repository and it wi…

Online Javascript Deobfuscator Tool

Exposing phishing kits seen from phishunt.io

jid on jq - interactive JSON query tool using jq expressions

RegExr is a HTML/JS based tool for creating, testing, and learning about Regular Expressions.

A curated list of awesome jq tools and resources.

Configuration Extractors for Malware

Firmware Analysis Tool

An open source (GPLv3) deobfuscator and unpacker for Eziriz .NET Reactor

A comprehensive guide to the controlling Sercomm IP Cameras via their inbuit API

Program for determining types of files for Windows, Linux and MacOS.

.NET deobfuscator and unpacker.

This content is analysis and research of the data sources currently listed in ATT&CK.