Add: joeavanzato/Trawler to DFIR section

README.md

@@ -660,6 +660,10 @@ This repository is created as an online bookmark for useful links, resources and
         <td><a href="https://github.com/bootleg/ret-sync">bootleg/ret-sync</a></td>
         <td>ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra disassemblers.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/buzzer-re/Shinigami/">buzzer-re/Shinigami</a></td>
+        <td>Shinigami is an experimental tool designed to detect and unpack malware implants that are injected via process hollowing or generic packer routines.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/can1357/NoVmp">can1357/NoVmp</a></td>
         <td>A static devirtualizer for VMProtect x64 3.x. powered by VTIL.</td>
@@ -1737,6 +1741,10 @@ This repository is created as an online bookmark for useful links, resources and
         <td><a href="https://github.com/jklepsercyber/defender-detectionhistory-parser">jklepsercyber/defender-detectionhistory-parser</a></td>
         <td>A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/joeavanzato/Trawler">joeavanzato/Trawler</a></td>
+        <td>PowerShell script to help Incident Responders discover adversary persistence mechanisms.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/JPCERTCC/LogonTracer">JPCERTCC/LogonTracer</a></td>
         <td>Investigate malicious Windows logon by visualizing and analyzing Windows event log</td>