{"payload":{"pageCount":2,"repositories":[{"type":"Public","name":"capa","owner":"mandiant","isFork":false,"description":"The FLARE team's open-source tool to identify capabilities in executable files.","allTopics":["gsoc-2024","reverse-engineering","malware-analysis"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":17,"issueCount":184,"starsCount":3948,"forksCount":496,"license":"Apache License 2.0","participation":[87,53,31,164,115,55,28,71,66,55,90,24,4,4,11,15,19,43,57,5,21,20,13,20,19,5,13,1,4,14,7,19,7,21,5,13,16,10,4,2,11,1,4,4,7,14,14,5,6,10,21,14],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-12T15:24:21.265Z"}},{"type":"Public","name":"flare-floss","owner":"mandiant","isFork":false,"description":"FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.","allTopics":["strings","deobfuscation","flare","gsoc-2024","malware","malware-analysis"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":5,"issueCount":90,"starsCount":3074,"forksCount":448,"license":"Apache License 2.0","participation":[40,45,41,21,4,9,32,4,3,3,12,9,2,3,1,1,0,9,5,2,0,22,6,4,6,16,1,2,0,13,0,0,3,0,0,0,1,1,5,13,11,0,0,12,3,11,1,0,1,1,7,9],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-11T19:55:32.166Z"}},{"type":"Public","name":"flare-fakenet-ng","owner":"mandiant","isFork":false,"description":"FakeNet-NG - Next Generation Dynamic Network Analysis Tool","allTopics":["traffic-redirection","fakenet-ng","mandiant-flare","gsoc-2024","malware-analysis"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":21,"issueCount":58,"starsCount":1715,"forksCount":353,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-01T05:09:02.110Z"}},{"type":"Public","name":"PwnAuth","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":9,"issueCount":2,"starsCount":357,"forksCount":89,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-20T21:08:31.831Z"}},{"type":"Public","name":"dncil","owner":"mandiant","isFork":false,"description":"The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.","allTopics":["gsoc-2024"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":3,"issueCount":2,"starsCount":130,"forksCount":14,"license":"Apache License 2.0","participation":[3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,4,0,0,3,0,0,0,0,0,0,3,0,0,3,2,0,0,2,0,3,0,0,1,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-10T09:43:04.091Z"}},{"type":"Public","name":"speakeasy","owner":"mandiant","isFork":false,"description":"Windows kernel and user mode emulation.","allTopics":["emulation","gsoc-2023","malware-analysis"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":3,"issueCount":36,"starsCount":1417,"forksCount":225,"license":"MIT License","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,4,2,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-12T05:04:33.443Z"}},{"type":"Public","name":"ADFSpoof","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":3,"issueCount":2,"starsCount":335,"forksCount":58,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-18T03:35:41.120Z"}},{"type":"Public","name":"ccmpwn","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":146,"forksCount":14,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,6,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-03-26T20:51:27.562Z"}},{"type":"Public","name":"flare-ida","owner":"mandiant","isFork":false,"description":"IDA Pro utilities from FLARE team","allTopics":["reverse-engineering","ida-pro","ida-plugin","idapython","fireeye-flare","ida"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":4,"issueCount":22,"starsCount":2129,"forksCount":467,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-03-01T07:45:44.059Z"}},{"type":"Public","name":"gootloader","owner":"mandiant","isFork":false,"description":"Collection of scripts used to deobfuscate GOOTLOADER malware samples.","allTopics":["deobfuscation","gootloader"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":49,"forksCount":6,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,3,0,4,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-01-08T18:47:32.624Z"}},{"type":"Public","name":"GeoLogonalyzer","owner":"mandiant","isFork":false,"description":"GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":4,"issueCount":5,"starsCount":194,"forksCount":59,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-08-11T02:24:39.591Z"}},{"type":"Public","name":"ReelPhish","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":3,"starsCount":503,"forksCount":153,"license":"GNU General Public License v3.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-08-11T01:40:07.197Z"}},{"type":"Public","name":"SSSDKCMExtractor","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":1,"starsCount":53,"forksCount":27,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-08-11T01:04:37.693Z"}},{"type":"Public","name":"stringsifter","owner":"mandiant","isFork":false,"description":"A machine learning tool that ranks strings based on their relevance for malware analysis.","allTopics":["machine-learning","strings","reverse-engineering","learning-to-rank","fireeye-flare","fireeye-data-science","malware-analysis"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":4,"starsCount":653,"forksCount":124,"license":"Apache License 2.0","participation":[0,0,1,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-07-14T16:22:11.976Z"}},{"type":"Public","name":"rpdebug_qnx","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":1,"starsCount":12,"forksCount":4,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-06-01T13:31:58.954Z"}},{"type":"Public archive","name":"ARDvark","owner":"mandiant","isFork":false,"description":"ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":34,"forksCount":12,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-06-01T13:20:37.759Z"}},{"type":"Public","name":"apooxml","owner":"mandiant","isFork":false,"description":"Generate YARA rules for OOXML documents.","allTopics":["security","detection","malware","ooxml","yara"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":1,"starsCount":38,"forksCount":8,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-06-01T13:19:25.267Z"}},{"type":"Public","name":"flare-emu","owner":"mandiant","isFork":false,"description":"","allTopics":["emulation","malware-analysis","fireeye-flare"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":4,"starsCount":765,"forksCount":112,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-06-01T02:36:39.149Z"}},{"type":"Public","name":"ioc_writer","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":1,"starsCount":199,"forksCount":60,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-03T10:16:22.522Z"}},{"type":"Public archive","name":"flare-bytecode_graph","owner":"mandiant","isFork":false,"description":"","allTopics":["fireeye-flare"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":1,"starsCount":84,"forksCount":28,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-04-10T00:59:33.477Z"}},{"type":"Public archive","name":"flare-qdb","owner":"mandiant","isFork":false,"description":"Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.","allTopics":["fireeye-flare"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":8,"starsCount":163,"forksCount":54,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-04-10T00:58:14.992Z"}},{"type":"Public archive","name":"FIDL","owner":"mandiant","isFork":false,"description":"A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research","allTopics":["api","research","decompiler","malware","ida","vulnerability","reversing"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":2,"starsCount":443,"forksCount":71,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-04-10T00:55:44.098Z"}},{"type":"Public archive","name":"ShimCacheParser","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":3,"issueCount":2,"starsCount":268,"forksCount":93,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-04-06T11:05:05.519Z"}},{"type":"Public archive","name":"thiri-notebook","owner":"mandiant","isFork":false,"description":"The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.","allTopics":["threat-hunting","yara","snort","detection-rules"],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":1,"issueCount":0,"starsCount":152,"forksCount":15,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-04-25T13:25:33.908Z"}},{"type":"Public archive","name":"siglib","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":18,"forksCount":7,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-06-30T03:47:36.954Z"}},{"type":"Public archive","name":"rvmi-rekall","owner":"mandiant","isFork":false,"description":"Rekall Forensics and Incident Response Framework with rVMI extensions","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":4,"issueCount":0,"starsCount":32,"forksCount":30,"license":"GNU General Public License v2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-03-25T21:27:52.045Z"}},{"type":"Public archive","name":"IDA_Pro_VoiceAttack_profile","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":26,"forksCount":15,"license":"MIT License","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-11-20T17:47:03.983Z"}},{"type":"Public archive","name":"win10_volatility","owner":"mandiant","isFork":true,"description":"An advanced memory forensics framework","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":1,"starsCount":93,"forksCount":1252,"license":"GNU General Public License v2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-09-26T17:15:35.735Z"}},{"type":"Public archive","name":"win10_auto","owner":"mandiant","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":0,"starsCount":23,"forksCount":19,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-08-30T15:31:51.718Z"}},{"type":"Public archive","name":"win10_rekall","owner":"mandiant","isFork":true,"description":"Rekall Memory Forensic Framework","allTopics":[],"primaryLanguage":{"name":"Python","color":"#3572A5"},"pullRequestCount":0,"issueCount":1,"starsCount":29,"forksCount":399,"license":"GNU General Public License v2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2019-08-05T18:35:10.952Z"}}],"repositoryCount":40,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"Repositories"}