Malandrone / PowerDecode
PowerDecode is a PowerShell-based tool for deobfuscating PowerShell scripts that have been obfuscated across multiple layers. The tool performs dynamic analysis of the code, extracting malware-hosting URLs and checking their HTTP responses. It can also detect whether the malware attempts to inject shellcode into memory.
☆174 (updated 10 months ago)
Alternatives and similar repositories for PowerDecode:
Users who are interested in PowerDecode are comparing it to the repositories listed below.
- A ProcessMonitor visualization application written in Rust. ☆179 (updated last year)
- A collection of tools, scripts and personal research. ☆125 (updated 8 months ago)
- Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM. ☆169 (updated this week)
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆155 (updated 3 weeks ago)
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR. ☆233 (updated this week)
- ☆199 (updated 4 months ago)
- ☆212 (updated last month)
- Aims to identify sleeping beacons. ☆569 (updated 3 months ago)
- Dump quarantined files from Windows Defender. ☆61 (updated 2 years ago)
- A collection of tools and detections for the Sliver C2 Framework. ☆116 (updated last year)
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆205 (updated last year)
- Collection of Volatility2 profiles, generated against Linux kernels. ☆35 (updated last week)
- Repository of YARA rules. ☆103 (updated 3 weeks ago)
- Collection of Linux and macOS Volatility3 Intermediate Symbol Files (ISF), suitable for memory analysis 🔍 ☆100 (updated last week)
- Find potential DLL sideloads on your Windows computer. ☆176 (updated 2 months ago)
- ☆234 (updated 10 months ago)
- A suite of tools to disrupt campaigns using the Sliver C2 framework. ☆267 (updated last year)
- ☆296 (updated 4 months ago)
- Extracted YARA rules from Windows Defender mpavbase and mpasbase. ☆375 (updated 2 weeks ago)
- A repository for additional files related to the book Windows Security Internals with PowerShell from No Starch Press. ☆156 (updated 11 months ago)
- AV/EDR lab environment setup references to help in malware development. ☆367 (updated 3 weeks ago)
- Analyse your malware to surgically obfuscate it. ☆454 (updated 2 weeks ago)
- ☆186 (updated last year)
- The Windows Malware Analysis Reversing Core Tools. ☆91 (updated 4 years ago)
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK. ☆320 (updated last year)
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that were used by adversaries in their intrusions. T… ☆120 (updated last month)
- Collection of malware persistence and hunting information. Be a persistent persistence hunter! ☆174 (updated last month)
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR. ☆590 (updated this week)
- Python tool to check for rootkits in the Windows kernel. ☆194 (updated last week)
- ☆157 (updated last year)