PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs code dynamic analysis, extracting malware hosting URLs and checking http response.It can also detect if the malware attempts to inject shellcode into memory.
☆235Apr 28, 2024Updated 2 years ago
Alternatives and similar repositories for PowerDecode
Users that are interested in PowerDecode are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- PowerShell script for deobfuscating encoded PowerShell scripts☆438Feb 4, 2021Updated 5 years ago
- Volatility 3 Plugins☆21Oct 3, 2022Updated 3 years ago
- A tool for de-obfuscating PowerShell scripts☆71Apr 24, 2019Updated 7 years ago
- A C2 framework inspired by anime, made in python.☆12Feb 8, 2026Updated 2 months ago
- A guide to using Azure Data Explorer and KQL for DFIR☆124May 16, 2022Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- MS Graph Commands and Tools for Blue Teamers☆51Feb 4, 2026Updated 2 months ago
- Help deobfuscate VBScript☆18Jul 1, 2022Updated 3 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆479Oct 29, 2025Updated 6 months ago
- ☆186Apr 24, 2025Updated last year
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,523Apr 1, 2026Updated last month
- Enumeration & fingerprint tool☆24Mar 3, 2024Updated 2 years ago
- ☆20Oct 23, 2020Updated 5 years ago
- Artifact collection tool for *nix systems☆217Mar 20, 2024Updated 2 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆587Updated this week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Evtx Log (xml) Browser☆59Mar 12, 2023Updated 3 years ago
- Powershell script deobfuscation using AST in Python☆74Sep 20, 2025Updated 7 months ago
- Scripts and a short guide for using them to tier an Active Directory. Made for BSides Copenhagen 2024☆39Oct 20, 2025Updated 6 months ago
- ☆14Sep 26, 2023Updated 2 years ago
- Go fastcall analysis for ida decompiler☆47Jun 25, 2025Updated 10 months ago
- Adversary Simulation Framework☆40Aug 19, 2025Updated 8 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs�☆806Apr 6, 2026Updated 3 weeks ago
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆89Mar 11, 2026Updated last month
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- IDA plugin to deobfuscate emotet CFF☆18Apr 26, 2022Updated 4 years ago
- A curated list of KAPE-related resources☆186May 1, 2025Updated last year
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.☆113Aug 26, 2024Updated last year
- A standalone DLL that exports databases in cleartext once injected in the KeePass process.☆301Mar 1, 2023Updated 3 years ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,108Dec 11, 2024Updated last year
- Windows symbol tables for Volatility 3☆93Jul 11, 2024Updated last year
- An ADCS honeypot to catch attackers in your internal network.☆327Jun 27, 2024Updated last year
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- IDA plugin helping reverse-engineering rust binaries☆34Jul 31, 2024Updated last year
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Klara docker compose☆11May 19, 2020Updated 5 years ago
- Practical Windows Forensics Training☆764Feb 16, 2026Updated 2 months ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,135Updated this week
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 3 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis☆12Oct 1, 2022Updated 3 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆81Sep 9, 2024Updated last year
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,…☆42Oct 24, 2025Updated 6 months ago