Malandrone / PowerDecodeLinks
PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs code dynamic analysis, extracting malware hosting URLs and checking http response.It can also detect if the malware attempts to inject shellcode into memory.
☆198Updated last year
Alternatives and similar repositories for PowerDecode
Users that are interested in PowerDecode are comparing it to the libraries listed below
Sorting:
- A ProcessMonitor visualization application written in rust.☆181Updated 2 years ago
- Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.☆190Updated this week
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆167Updated 4 months ago
- ☆203Updated 9 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆245Updated 4 months ago
- A collection of tools and detections for the Sliver C2 Frameworj☆128Updated 2 years ago
- A collection of tools, scripts and personal research☆144Updated last month
- ☆161Updated last year
- Memory acquisition for Linux that makes sense.☆201Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆214Updated 2 years ago
- Repository of Yara Rules☆114Updated 3 months ago
- Dump quarantined files from Windows Defender☆64Updated 3 years ago
- Python tool to check rootkits in Windows kernel☆198Updated 5 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆156Updated last year
- RegRipper4.0☆58Updated 3 months ago
- ☆237Updated 2 months ago
- Elastic Security Labs releases☆78Updated last month
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆663Updated 2 weeks ago
- ☆252Updated last year
- Collection of Volatility2 profiles, generated against Linux kernels.☆47Updated last month
- Powershell Linter☆79Updated last week
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆129Updated 6 months ago
- A curated list of ressources for Volatility 2 & 3☆12Updated last year
- Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍☆174Updated last month
- Windows symbol tables for Volatility 3☆88Updated last year
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆283Updated last year
- A C# based tool for analysing malicious OneNote documents☆114Updated 2 years ago
- The Windows Malware Analysis Reversing Core Tools☆96Updated 4 years ago
- Handbook of windows forensic artifacts across multiple Windows version with interpretation tips and some examples. Work in progress!☆374Updated 11 months ago
- ☆113Updated 3 weeks ago