C# based evtx parser with lots of extras

This repository serves as a place for community created Targets and Modules for use with KAPE.

Command line access to the Registry

Parses $MFT from NTFS file systems

Hardened your Windows OS against forensics analysis

Full featured, offline Registry parser in C#

Collection of malware source code for a variety of platforms in an array of different programming languages.

AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10

Prefetch Explorer Command Line

Library to process OLE compound file format. This is a work in progress and was initially written for jumplist parsing (for which it does fine)

Parses amcache.hve files, but with a twist!

Recycle bin artifact parser

ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning.

Customizable Linux Persistence Tool for Security Research and Detection Engineering.

Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

One stop shop for enabling Recall in Windows 11 version 24H2 on unsupported devices

Repo for Concierge AI dev work

Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability

History of official firmwares for Reolink devices.

MFT parser

FirePalo helps you convert rules and objects from Cisco FirePower to Palo Alto

For when DLLMain is the only way

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory