Projects in Awesome Lists by mandiant
A curated list of projects in awesome lists by mandiant.
https://github.com/mandiant/flare-vm
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
flare malware-analysis reverse-engineering
Last synced: 12 May 2025
https://github.com/mandiant/commando-vm
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com
fireeye-flare penetration-testing red-teaming windows
Last synced: 09 Apr 2025
https://mandiant.github.io/capa/
The FLARE team's open-source tool to identify capabilities in executable files.
binary-analysis gsoc-2026 malware-analysis reverse-engineering threat-intelligence
Last synced: 24 Feb 2026
https://github.com/mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
binary-analysis gsoc-2025 malware-analysis reverse-engineering threat-intelligence
Last synced: 14 May 2025
https://github.com/fireeye/capa
The FLARE team's open-source tool to identify capabilities in executable files.
binary-analysis gsoc-2025 malware-analysis reverse-engineering threat-intelligence
Last synced: 02 May 2025
https://github.com/mandiant/flare-floss
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
deobfuscation flare gsoc-2025 malware malware-analysis strings
Last synced: 12 May 2025
https://github.com/mandiant/flare-ida
IDA Pro utilities from FLARE team
fireeye-flare ida ida-plugin ida-pro idapython reverse-engineering
Last synced: 14 May 2025
https://github.com/fireeye/flare-ida
IDA Pro utilities from FLARE team
fireeye-flare ida ida-plugin ida-pro idapython reverse-engineering
Last synced: 05 Apr 2025
https://github.com/mandiant/flare-fakenet-ng
FakeNet-NG - Next Generation Dynamic Network Analysis Tool
fakenet-ng gsoc-2025 malware-analysis mandiant-flare traffic-redirection
Last synced: 11 Apr 2025
https://github.com/mandiant/speakeasy
Windows kernel and user mode emulation.
emulation gsoc-2025 malware-analysis
Last synced: 14 May 2025
https://github.com/mandiant/threatpursuit-vm
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting, designed for intel and malware analysts as well as threat hunters to get up and running quickly.
analytics cyber data-science fireeye intelligence intelligence-analysis malware mandiant threat threathunting threatintelligence virtual-machine
Last synced: 23 Feb 2025
https://github.com/mandiant/ThreatPursuit-VM
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting, designed for intel and malware analysts as well as threat hunters to get up and running quickly.
analytics cyber data-science fireeye intelligence intelligence-analysis malware mandiant threat threathunting threatintelligence virtual-machine
Last synced: 12 Jul 2025
https://github.com/mandiant/gocrack
GoCrack is a management frontend for password cracking tools written in Go
Last synced: 14 May 2025
https://github.com/mandiant/flare-learning-hub
Free educational content on reverse engineering and malware analysis from the FLARE team
assembly assembly-language assembly-language-programming binary-analysis c cyber-security cybersecurity flare go golang malware malware-analysis reverse-engineering threat-intelligence x64 x86
Last synced: 03 Jun 2026
https://github.com/mandiant/flare-emu
emulation fireeye-flare malware-analysis
Last synced: 12 Aug 2025
https://github.com/mandiant/Ghidrathon
The FLARE team's open-source extension to add Python 3 scripting to Ghidra.
Last synced: 15 Mar 2025
https://github.com/mandiant/ghidrathon
The FLARE team's open-source extension to add Python 3 scripting to Ghidra.
Last synced: 12 Apr 2025
https://github.com/mandiant/stringsifter
A machine learning tool that ranks strings based on their relevance for malware analysis.
fireeye-data-science fireeye-flare learning-to-rank machine-learning malware-analysis reverse-engineering strings
Last synced: 15 May 2025
https://github.com/mandiant/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
Last synced: 28 Jan 2026
https://github.com/mandiant/iocs
FireEye Publicly Shared Indicators of Compromise (IOCs)
Last synced: 11 May 2025
https://github.com/mandiant/fidl
A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
api decompiler ida malware research reversing vulnerability
Last synced: 05 Apr 2025
https://github.com/mandiant/FIDL
A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
api decompiler ida malware research reversing vulnerability
Last synced: 15 Mar 2025
https://github.com/mandiant/idawasm
IDA Pro loader and processor modules for WebAssembly
fireeye-flare ida ida-pro idapython wasm
Last synced: 09 May 2025
https://github.com/mandiant/SimplifyGraph
IDA Pro plugin to assist with complex graphs
Last synced: 10 May 2025
https://github.com/mandiant/xrefer
FLARE Team's Binary Navigator
binary-analysis gsoc-2025 ida-pro idaplugin idapython malware-analysis reverse-engineering threat-intelligence
Last synced: 19 Jun 2025
https://github.com/mandiant/geologonalyzer
GeoLogonalyzer is a utility to analyze remote access logs for anomalies such as travel feasibility and data center sources.
Last synced: 05 Mar 2026
https://github.com/mandiant/vm-packages
Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
chocolatey-packages flare malware-analysis reverse-engineering
Last synced: 16 May 2025
https://github.com/mandiant/flare-qdb
Command-line and Python debugger for instrumenting and modifying native software behavior on Windows and Linux.
Last synced: 24 Apr 2025
https://github.com/mandiant/heyserial
Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types
deserialization snort snort-rules-generate yara yara-rule-generator ysoserial
Last synced: 24 Apr 2025
https://github.com/mandiant/route-sixty-sink
Link sources to sinks in C# applications.
Last synced: 07 May 2025
https://github.com/mandiant/dncil
The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.
Last synced: 06 Apr 2025
https://github.com/mandiant/gostringungarbler
Python tool to resolve all strings in Go binaries obfuscated by garble
Last synced: 19 Jun 2025
https://github.com/mandiant/ioc-scanner-CVE-2019-19781
Indicator of Compromise Scanner for CVE-2019-19781
Last synced: 03 Apr 2025
https://github.com/mandiant/gootloader
Collection of scripts used to deobfuscate GOOTLOADER malware samples.
Last synced: 24 Apr 2025
https://github.com/mandiant/capa-testfiles
Data to test capa's code and rules.
Last synced: 25 Jun 2025
https://github.com/mandiant/ardvark
ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
Last synced: 24 Apr 2025
https://github.com/mandiant/flare-gsoc
Supporting resources and documentation for FLARE @ Google Summer of Code 2025
Last synced: 17 Feb 2026
https://github.com/mandiant/flare-gsoc-2023
Supporting resources and documentation for FLARE @ Google Summer of Code 2023
Last synced: 24 Apr 2025
https://github.com/mandiant/dfur-splunk-app
The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.
incident-response log-analysis splunk-application
Last synced: 24 Apr 2025
https://github.com/mandiant/mandiant_managed_hunting
Azure Deployment Templates for Mandiant Managed Hunting
Last synced: 24 Apr 2025
https://github.com/mandiant/flare-floss-testfiles
Resources for testing FLOSS by the FLARE team.
Last synced: 20 Jun 2025
https://github.com/mandiant/poisonplug-scatterbrain
Deobfuscation library for PoisonPlug.SHADOW's ScatterBrain obfuscator
Last synced: 19 Jun 2025