PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs code dynamic analysis, extracting malware hosting URLs and checking http response.It can also detect if the malware attempts to inject shellcode into memory.
☆231Apr 28, 2024Updated last year
Alternatives and similar repositories for PowerDecode
Users that are interested in PowerDecode are comparing it to the libraries listed below
Sorting:
- PowerShell script for deobfuscating encoded PowerShell scripts☆435Feb 4, 2021Updated 5 years ago
- Volatility 3 Plugins☆21Oct 3, 2022Updated 3 years ago
- A tool for de-obfuscating PowerShell scripts☆71Apr 24, 2019Updated 6 years ago
- A C2 framework inspired by anime, made in python.☆12Feb 8, 2026Updated last month
- A guide to using Azure Data Explorer and KQL for DFIR☆124May 16, 2022Updated 3 years ago
- MS Graph Commands and Tools for Blue Teamers☆51Feb 4, 2026Updated last month
- Help deobfuscate VBScript☆18Jul 1, 2022Updated 3 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder.☆476Oct 29, 2025Updated 4 months ago
- ☆182Apr 24, 2025Updated 10 months ago
- Enumeration & fingerprint tool☆23Mar 3, 2024Updated 2 years ago
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,476Mar 2, 2026Updated 2 weeks ago
- ☆19Oct 23, 2020Updated 5 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆581Dec 6, 2025Updated 3 months ago
- Evtx Log (xml) Browser��☆56Mar 12, 2023Updated 3 years ago
- Powershell script deobfuscation using AST in Python☆74Sep 20, 2025Updated 6 months ago
- Scripts and a short guide for using them to tier an Active Directory. Made for BSides Copenhagen 2024☆39Oct 20, 2025Updated 5 months ago
- ☆14Sep 26, 2023Updated 2 years ago
- Go fastcall analysis for ida decompiler☆46Jun 25, 2025Updated 8 months ago
- Adversary Simulation Framework☆38Aug 19, 2025Updated 7 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs☆791Mar 14, 2026Updated last week
- A powershell parser for https://github.com/ufrisk/MemProcFS☆45May 12, 2021Updated 4 years ago
- Artifact collection tool for *nix systems☆213Mar 20, 2024Updated 2 years ago
- A curated list of KAPE-related resources☆184May 1, 2025Updated 10 months ago
- IDA plugin to deobfuscate emotet CFF☆18Apr 26, 2022Updated 3 years ago
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.☆110Aug 26, 2024Updated last year
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,077Dec 11, 2024Updated last year
- A standalone DLL that exports databases in cleartext once injected in the KeePass process.☆300Mar 1, 2023Updated 3 years ago
- Windows symbol tables for Volatility 3☆93Jul 11, 2024Updated last year
- An ADCS honeypot to catch attackers in your internal network.☆326Jun 27, 2024Updated last year
- NTFS file system specimens☆13Jul 3, 2023Updated 2 years ago
- Klara docker compose☆11May 19, 2020Updated 5 years ago
- IDA plugin helping reverse-engineering rust binaries☆33Jul 31, 2024Updated last year
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,062Feb 24, 2026Updated 3 weeks ago
- Practical Windows Forensics Training☆754Feb 16, 2026Updated last month
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 2 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis☆12Oct 1, 2022Updated 3 years ago
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,…☆40Oct 24, 2025Updated 4 months ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆80Sep 9, 2024Updated last year
- FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is de…☆818Mar 6, 2026Updated 2 weeks ago