Malandrone / PowerDecode
PowerDecode is a PowerShell-based tool for deobfuscating PowerShell scripts that have been obfuscated across multiple layers. The tool performs dynamic code analysis, extracting malware-hosting URLs and checking the HTTP response. It can also detect whether the malware attempts to inject shellcode into memory.
☆193 · Updated last year
Alternatives and similar repositories for PowerDecode
Users interested in PowerDecode are comparing it to the repositories listed below.
- A ProcessMonitor visualization application written in Rust. ☆181 · Updated last year
- A collection of tools and detections for the Sliver C2 Framework. ☆127 · Updated 2 years ago
- Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM. ☆184 · Updated last week
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆165 · Updated 2 months ago
- Collection of Volatility2 profiles, generated against Linux kernels. ☆43 · Updated this week
- Dump quarantined files from Windows Defender. ☆64 · Updated 3 years ago
- A collection of tools, scripts and personal research. ☆131 · Updated 2 months ago
- ☆201 · Updated 7 months ago
- Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍 ☆145 · Updated this week
- ☆300 · Updated 7 months ago
- Windows symbol tables for Volatility 3. ☆87 · Updated 11 months ago
- ☆232 · Updated 2 weeks ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR. ☆240 · Updated 2 months ago
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆314 · Updated last year
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆123 · Updated 5 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆213 · Updated 2 years ago
- I will be uploading all the codes which I created with the help of either open-source projects or blogs. This is a step-by-step EDR learning … ☆277 · Updated last week
- ☆250 · Updated last year
- Volatility3 Linux profiles. ☆48 · Updated 3 weeks ago
- Extracted YARA rules from Windows Defender mpavbase and mpasbase. ☆429 · Updated last month
- Aims to identify sleeping beacons. ☆604 · Updated 6 months ago
- AV/EDR lab environment setup references to help in malware development. ☆388 · Updated 4 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK. ☆331 · Updated 2 years ago
- DNS tunneling using PowerShell to download and execute a payload. Works in CLM. ☆219 · Updated 3 years ago
- Repository of YARA rules. ☆111 · Updated 2 months ago
- Python tool to check for rootkits in the Windows kernel. ☆197 · Updated 3 months ago
- A suite of tools to disrupt campaigns using the Sliver C2 framework. ☆276 · Updated last year
- Find potential DLL sideloads on your Windows computer. ☆208 · Updated 5 months ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps. ☆264 · Updated last year
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆394 · Updated last month