TScopy – Tool to parse the NTFS $MFT file to locate and copy specific files

Introducing TScopy

It is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the filesystem. Sometimes these files are locked by the operating system (OS) because they are in use, which is particularly frustrating with event logs and registry hives. TScopy allows the user, who is running with

Polypyus – Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries

Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that are complex to disassemble and where common tools miss functions. In addition, the binary-only approach makes it very fast and run