Alternatives and similar repositories for Fake-Sandbox-Artifacts

Users that are interested in Fake-Sandbox-Artifacts are comparing it to the libraries listed below

• d4rksystem / VBoxCloak
  A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to …
  ☆390Updated 5 months ago
• strontic / xcyclopedia
  Encyclopedia for Executables
  ☆463Updated 4 years ago
• d4rksystem / VMwareCloak
  A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analys…
  ☆417Updated 10 months ago
• fireeye / BitsParser
  ☆151Updated last year
• airbus-cert / Winshark
  A wireshark plugin to instrument ETW
  ☆575Updated 3 years ago
• hasherezade / mal_unpack
  Dynamic unpacker based on PE-sieve
  ☆786Updated 3 months ago
• kaganisildak / malwarescarecrow
  A tool designed to make physical devices detectable by malware and make system look like virtual machine.
  ☆396Updated 5 years ago
• DissectMalware / XLMMacroDeobfuscator
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆584Updated last year
• ditekshen / detection
  Detection in the form of Yara, Snort and ClamAV signatures.
  ☆242Updated last year
• DissectMalware / batch_deobfuscator
  Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.
  ☆165Updated 3 years ago
• Neo23x0 / YARA-Performance-Guidelines
  A guide on how to write fast and memory friendly YARA rules
  ☆159Updated 10 months ago
• Squiblydoo / debloat
  A GUI and CLI tool for removing bloat from executables
  ☆435Updated 5 months ago
• ion-storm / sysmon-edr
  Sysmon EDR POC Build within Powershell to prove ability.
  ☆225Updated 4 years ago
• CheckPointSW / Evasions
  Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into ca…
  ☆435Updated last year
• Karneades / malware-persistence
  Collection of malware persistence and hunting information. Be a persistent persistence hunter!
  ☆183Updated 2 months ago
• kacos2000 / MFT_Browser
  $MFT directory tree reconstruction & FILE record info
  ☆321Updated last year
• bartblaze / Yara-rules
  Collection of private Yara rules.
  ☆374Updated this week
• winterknife / PINKPANTHER
  Windows x64 handcrafted token stealing kernel-mode shellcode
  ☆510Updated last year
• Neo23x0 / Rewind
  Immediate Virus Infection Counter Measures
  ☆63Updated 4 years ago
• persistence-info / persistence-info.github.io
  ☆513Updated 2 years ago
• CheckPointSW / InviZzzible
  InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up to date…
  ☆576Updated 3 years ago
• EricZimmerman / LECmd
  Lnk Explorer Command line edition!!
  ☆331Updated 11 months ago
• xorhex / mlget
  A golang CLI tool to download malware from a variety of sources.
  ☆151Updated 5 months ago
• magicsword-io / LOLDrivers
  Living Off The Land Drivers
  ☆1,348Updated last week
• EricZimmerman / MFTECmd
  Parses $MFT from NTFS file systems
  ☆281Updated 7 months ago
• CERT-Polska / malduck
  Malduck is your ducky companion in malware analysis journeys
  ☆347Updated 5 months ago
• mandiant / capa-rules
  Standard collection of rules for capa: the tool for enumerating the capabilities of programs
  ☆660Updated 2 weeks ago
• marcosd4h / memhunter
  Live hunting of code injection techniques
  ☆383Updated 6 years ago
• Velocidex / WinPmem
  The multi-platform memory acquisition tool.
  ☆903Updated 2 months ago
• msuhanov / dfir_ntfs
  An NTFS/FAT parser for digital forensics & incident response
  ☆218Updated last month