Warbler

A minidump analysis tool built with blue teams in mind. Supports running Yara rules against virtual addresses and dumping virtual memory to disk.

Usage

View threads:

./warbler --file ~/Desktop/mem/RuntimeBroker.exe.dmp threads

View loaded and unloaded modules:

./warbler --file ~/Desktop/mem/RuntimeBroker.exe.dmp modules

View memory:

./warbler --file ~/Desktop/mem/RuntimeBroker.exe.dmp memory

Run yara rules against virtual address:

./warbler --file ~/Desktop/mem/RuntimeBroker.exe.dmp yara --rules /opt/yara/ --address 0x2879d9c0000

Dump to disk:

./warbler --file ~/Desktop/mem/RuntimeBroker.exe.dmp dump --address 0x2879d9c0000 --out shellcode.bin

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
analysis		analysis
misc		misc
parsers		parsers
.gitignore		.gitignore
LICENSE		LICENSE
go.mod		go.mod
go.sum		go.sum
makefile		makefile
readme.md		readme.md
warbler.go		warbler.go
windows_minidump.ksy		windows_minidump.ksy