Willi Ballenthin

@mastodon @github @twitter

Reverse engineering and computer forensics at Mandiant/Google. Expect to encounter disassembly, debugging, emulation. Often programs in #Python and #Rust. Post-rock and -metal.

projects

capa: malware capabilities
FLOSS: obfuscated strings
python-idb: IDA Pro analysis
python-registry: Registry parser
INDXParse: NTFS artifacts
EVTXtract: EVTX recovery