
AppCompatProcessor


AppCompatProcessor has been designed to extract additional value from enterprise-wide AppCompat / AmCache data beyond the classic stacking and grepping techniques.

Note: Windows platform support has been temporarily removed (expect to see it back shortly though).

Installation:

OSX: You need Python 2.7+, libregf and pyregf (python bindings) from https://github.com/libyal/libregf

Option A: Source distribution package from https://github.com/libyal/libregf/releases
  ./configure --enable-python && make
  sudo make install
  python setup.py build
  python setup.py install

Option B: Direct from source
  git clone https://github.com/libyal/libregf.git
  cd libregf/
  ./synclibs.sh
  ./autogen.sh
  ./configure --enable-python && make
  sudo make install
  python setup.py build
  python setup.py install

The rest of the requirements you can handle with 'pip install -r requirements.txt'.

Linux: You need Python 2.7+ and 'sudo pip install -r requirements.txt' should take care of everything for you. If you have issues with libregf or


ALTERNATIVES

Repository of IOCs provided under the Apache 2.0 license

Amazon GuardDuty is a threat detection service for AWS accounts.

API for querying domain security information, categorization, and related data.

A repository of freely usable Yara rules for detection systems, with automated error detection workflows.

RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.

A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.

A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.
