FireEye

Repositories

• HXTool

  HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physical workstation. HXTool provides additional features and capabilities over the standard FireEye HX web user interface. HXTool uses the fully documented REST API that comes with the FireEye HX for communication w…
  JavaScript 13 9 4 0 Updated Oct 12, 2020

• flare-emu

  emulation malware-analysis fireeye-flare
  Python Apache-2.0 55 412 2 0 Updated Oct 12, 2020

• capa

  The FLARE team's open-source tool to identify capabilities in executable files.

  reverse-engineering malware-analysis
  Python Apache-2.0 121 1,131 32 3 Updated Oct 8, 2020

• capa-rules

  Standard collection of rules for capa: the tool for enumerating the capabilities of programs
  Apache-2.0 21 111 36 (2 issues need help) 0 Updated Oct 8, 2020

• capa-testfiles
  5 6 0 0 Updated Oct 8, 2020

• speakeasy

  Windows kernel and user mode emulation.

  emulation malware-analysis
  Python MIT 51 378 13 0 Updated Oct 7, 2020

• commando-vm

  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com

  windows penetration-testing red-teaming fireeye-flare
  PowerShell Apache-2.0 821 3,765 25 1 Updated Oct 3, 2020

• jitm

  JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.

  hooks dotnet jit malware-analysis jit-compiler fireeye-flare
  C++ Apache-2.0 3 12 0 1 Updated Sep 23, 2020

• flare-ida

  IDA Pro utilities from FLARE team

  reverse-engineering ida ida-pro ida-plugin idapython fireeye-flare
  Python Apache-2.0 355 1,250 14 2 Updated Sep 21, 2020

• gocrack-ui

  The User Interface for GoCrack

  fireeye-flare
  Vue MIT 33 56 0 8 Updated Sep 11, 2020

• DFUR-Splunk-App

  The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.

  log-analysis incident-response splunk-application
  MIT 0 2 0 0 Updated Sep 9, 2020

• FIDL

  A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

  api research decompiler malware ida vulnerability reversing
  Python MIT 38 271 1 0 Updated Sep 9, 2020

• jest-environment-serverless

  Testing your Serverless projects with Jest the easy way!
  JavaScript MIT 3 14 6 7 Updated Sep 4, 2020

• flare-vm

  reverse-engineering malware-analysis fireeye-flare
  PowerShell Apache-2.0 389 2,296 70 4 Updated Sep 3, 2020

• muse-technical-challenge

  Muse Technical Challenge Stencil Component Starter
  TypeScript 0 0 0 0 Updated Sep 3, 2020

• dod-example-apps

  Example applications for FireEye's Detection on Demand service
  Python Apache-2.0 0 3 0 0 Updated Aug 25, 2020

• fireeye-python
  Python 4 19 0 0 Updated Aug 13, 2020

• flare-floss

  FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.

  strings malware deobfuscation fireeye-flare
  Python Apache-2.0 282 1,627 47 2 Updated Aug 6, 2020

• Vulnerability-Disclosures
  C++ 2 16 0 0 Updated Aug 1, 2020

• mimosa-rpm-package
  JavaScript 2 1 0 1 Updated Jul 15, 2020

• flare-qdb

  Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.

  fireeye-flare
  Python Apache-2.0 33 138 7 0 Updated Jun 24, 2020

• flare-fakenet-ng

  FakeNet-NG - Next Generation Dynamic Network Analysis Tool

  malware-analysis traffic-redirection fireeye-flare fakenet-ng
  Python Apache-2.0 255 1,155 41 15 Updated Jun 15, 2020

• PwnAuth
  Python Apache-2.0 56 241 2 2 Updated Jun 5, 2020

• rvmi-rekall

  Rekall Forensics and Incident Response Framework with rVMI extensions
  Python GPL-2.0 11 22 0 4 Updated May 20, 2020

• SilkETW
  C# 76 351 6 1 Updated May 17, 2020

• gocrack

  GoCrack is a management frontend for password cracking tools written in Go

  fireeye-flare
  Go MIT 202 935 16 (2 issues need help) 1 Updated Apr 17, 2020

• SSSDKCMExtractor
  Python Apache-2.0 9 10 0 0 Updated Mar 31, 2020

• ioc-scanner-CVE-2019-19781

  Indicator of Compromise Scanner for CVE-2019-19781
  Shell Apache-2.0 14 80 5 0 Updated Mar 25, 2020

• Crescendo

  Forked from SuprHackerSteve/Crescendo

  Crescendo is a swift based, real time event viewer for macOS. It utilizes Apple's Endpoint Security Framework.
  Swift 32 3 0 0 Updated Mar 10, 2020

• ADFSDump
  C# Apache-2.0 21 77 0 0 Updated Feb 22, 2020