Alternatives and similar repositories for DidierStevensSuite

Users that are interested in DidierStevensSuite are comparing it to the libraries listed below

• decalage2 / oletools

  View on GitHub
  oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware a…
  ☆3,280Jan 26, 2026Updated 2 weeks ago
• decalage2 / ViperMonkey

  View on GitHub
  A VBA parser and emulation engine to analyze malicious macros.
  ☆1,118Jul 10, 2024Updated last year
• Neo23x0 / Loki

  View on GitHub
  Loki - Simple IOC and YARA Scanner
  ☆3,719Jan 12, 2026Updated last month
• DissectMalware / XLMMacroDeobfuscator

  View on GitHub
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆587May 5, 2024Updated last year
• Neo23x0 / signature-base

  View on GitHub
  YARA signature and IOC database for my scanners and tools
  ☆2,864Feb 5, 2026Updated last week
• mandiant / flare-floss

  View on GitHub
  FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
  ☆3,877Feb 3, 2026Updated last week
• mandiant / flare-vm

  View on GitHub
  A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env…
  ☆8,338Dec 23, 2025Updated last month
• alexandreborges / malwoverview

  View on GitHub
  Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh…
  ☆3,531Jan 20, 2026Updated 3 weeks ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,507Jan 24, 2023Updated 3 years ago
• redcanaryco / atomic-red-team

  View on GitHub
  Small and highly portable detection tests based on MITRE's ATT&CK.
  ☆11,570Updated this week
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,440Oct 12, 2025Updated 4 months ago
• SigmaHQ / sigma

  View on GitHub
  Main Sigma Rule Repository
  ☆10,109Updated this week
• mandiant / capa

  View on GitHub
  The FLARE team's open-source tool to identify capabilities in executable files.
  ☆5,821Updated this week
• Yara-Rules / rules

  View on GitHub
  Repository of yara rules
  ☆4,697Apr 17, 2024Updated last year
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,475Jan 12, 2026Updated last month
• NextronSystems / APTSimulator

  View on GitHub
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,710Sep 23, 2025Updated 4 months ago
• InQuest / awesome-yara

  View on GitHub
  A curated list of awesome YARA rules, tools, and people.
  ☆4,136Mar 26, 2025Updated 10 months ago
• JPCERTCC / LogonTracer

  View on GitHub
  Investigate malicious Windows logon by visualizing and analyzing Windows event log
  ☆3,049Oct 19, 2025Updated 3 months ago
• LOLBAS-Project / LOLBAS

  View on GitHub
  Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
  ☆8,311Dec 6, 2025Updated 2 months ago
• mandiant / flare-fakenet-ng

  View on GitHub
  FakeNet-NG - Next Generation Dynamic Network Analysis Tool
  ☆2,078Dec 9, 2025Updated 2 months ago
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,901Jul 6, 2024Updated last year
• log2timeline / plaso

  View on GitHub
  Super timeline all the things
  ☆2,010Updated this week
• SpecterOps / BloodHound-Legacy

  View on GitHub
  Six Degrees of Domain Admin
  ☆10,537Aug 1, 2025Updated 6 months ago
• davehull / Kansa

  View on GitHub
  A Powershell incident response framework
  ☆1,639Nov 22, 2022Updated 3 years ago
• mattnotmax / cyberchef-recipes

  View on GitHub
  A list of cyber-chef recipes and curated links
  ☆2,182Jun 14, 2024Updated last year
• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,553Oct 31, 2025Updated 3 months ago
• DidierStevens / Beta

  View on GitHub
  Beta versions of my software
  ☆269Jun 12, 2025Updated 8 months ago
• trustedsec / unicorn

  View on GitHub
  Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's po…
  ☆3,899Jan 24, 2024Updated 2 years ago
• fortra / impacket

  View on GitHub
  Impacket is a collection of Python classes for working with network protocols.
  ☆15,448Updated this week
• Neo23x0 / yarGen

  View on GitHub
  yarGen is a generator for YARA rules
  ☆1,774Jan 10, 2026Updated last month
• danielbohannon / Invoke-Obfuscation

  View on GitHub
  PowerShell Obfuscator
  ☆4,193Aug 10, 2023Updated 2 years ago
• GhostPack / Rubeus

  View on GitHub
  Trying to tame the three-headed dog.
  ☆4,869Nov 14, 2025Updated 3 months ago
• mitre / caldera

  View on GitHub
  Automated Adversary Emulation Platform
  ☆6,733Updated this week
• cobbr / Covenant

  View on GitHub
  Covenant is a collaborative .NET C2 framework for red teamers.
  ☆4,606Jul 18, 2024Updated last year
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,968Aug 21, 2024Updated last year
• gtworek / PSBits

  View on GitHub
  Simple (relatively) things allowing you to dig a bit deeper than usual.
  ☆3,459Feb 3, 2026Updated last week
• mandiant / commando-vm

  View on GitHub
  Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mand…
  ☆7,529Oct 16, 2025Updated 3 months ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,723Mar 20, 2024Updated last year
• sans-blue-team / DeepBlueCLI

  View on GitHub
  ☆2,383Oct 14, 2023Updated 2 years ago