PowerDecode is a PowerShell-based tool for deobfuscating PowerShell scripts that have been obfuscated across multiple layers. The tool performs dynamic code analysis, extracting malware-hosting URLs and checking their HTTP responses. It can also detect whether the malware attempts to inject shellcode into memory.
☆236 | Apr 28, 2024 | Updated 2 years ago
Alternatives and similar repositories for PowerDecode
Users that are interested in PowerDecode are comparing it to the libraries listed below.
- PowerShell script for deobfuscating encoded PowerShell scripts ☆437 | Feb 4, 2021 | Updated 5 years ago
- Volatility 3 Plugins ☆21 | Oct 3, 2022 | Updated 3 years ago
- A tool for de-obfuscating PowerShell scripts ☆71 | Apr 24, 2019 | Updated 7 years ago
- A C2 framework inspired by anime, made in Python. ☆12 | Feb 8, 2026 | Updated 3 months ago
- A guide to using Azure Data Explorer and KQL for DFIR ☆124 | May 16, 2022 | Updated 4 years ago
- MS Graph Commands and Tools for Blue Teamers ☆51 | Feb 4, 2026 | Updated 3 months ago
- Help deobfuscate VBScript ☆18 | Jul 1, 2022 | Updated 3 years ago
- PowerShell tools to help defenders hunt smarter, hunt harder. ☆483 | Oct 29, 2025 | Updated 6 months ago
- ☆204 | May 10, 2026 | Updated last week
- Rapidly Search and Hunt through Windows Forensic Artefacts ☆3,548 | May 9, 2026 | Updated last week
- Enumeration & fingerprint tool ☆24 | Mar 3, 2024 | Updated 2 years ago
- ☆20 | Oct 23, 2020 | Updated 5 years ago
- Artifact collection tool for *nix systems ☆219 | Mar 20, 2024 | Updated 2 years ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆621 | May 8, 2026 | Updated 2 weeks ago
- Evtx Log (xml) Browser ☆59 | Mar 12, 2023 | Updated 3 years ago
- PowerShell script deobfuscation using AST in Python ☆74 | Sep 20, 2025 | Updated 8 months ago
- Scripts and a short guide for using them to tier an Active Directory. Made for BSides Copenhagen 2024 ☆39 | Oct 20, 2025 | Updated 7 months ago
- ☆14 | Sep 26, 2023 | Updated 2 years ago
- Go fastcall analysis for IDA decompiler ☆47 | Jun 25, 2025 | Updated 10 months ago
- Adversary Simulation Framework ☆40 | Aug 19, 2025 | Updated 9 months ago
- A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs ☆812 | May 15, 2026 | Updated last week
- A PowerShell parser for https://github.com/ufrisk/MemProcFS ☆45 | May 12, 2021 | Updated 5 years ago
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction ☆89 | Mar 11, 2026 | Updated 2 months ago
- IDA plugin to deobfuscate Emotet CFF ☆18 | Apr 26, 2022 | Updated 4 years ago
- A curated list of KAPE-related resources ☆187 | May 1, 2025 | Updated last year
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. ☆113 | Aug 26, 2024 | Updated last year
- A standalone DLL that exports databases in cleartext once injected in the KeePass process. ☆301 | Mar 1, 2023 | Updated 3 years ago
- PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows… ☆2,113 | Dec 11, 2024 | Updated last year
- Windows symbol tables for Volatility 3 ☆94 | Jul 11, 2024 | Updated last year
- An ADCS honeypot to catch attackers in your internal network. ☆328 | Jun 27, 2024 | Updated last year
- NTFS file system specimens ☆13 | Jul 3, 2023 | Updated 2 years ago
- IDA plugin helping reverse-engineering Rust binaries ☆34 | Jul 31, 2024 | Updated last year
- Klara docker compose ☆11 | May 19, 2020 | Updated 6 years ago
- Practical Windows Forensics Training ☆763 | Feb 16, 2026 | Updated 3 months ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. ☆3,169 | Updated this week
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis. ☆120 | Apr 8, 2023 | Updated 3 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis ☆12 | Oct 1, 2022 | Updated 3 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product ☆82 | Sep 9, 2024 | Updated last year
- A powerful macOS triage collection tool designed for forensic analysis. It gathers critical system artifacts such as FSEvents, Spotlight,… ☆43 | Oct 24, 2025 | Updated 6 months ago