Velocidex / Linpmem

Related projects: ⓘ

• 0x534a / dynmx
  Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!
  ☆80Updated last year
• magicsword-io / bootloaders
  bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security profes…
  ☆47Updated last year
• airbus-cert / yara-ttd
  Use YARA rules on Time Travel Debugging traces
  ☆86Updated last year
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆105Updated 2 months ago
• airbus-cert / minusone
  Powershell Linter
  ☆46Updated 2 months ago
• lasq88 / MalwareAnalysis
  Malware Analysis tools
  ☆24Updated last week
• JPCERTCC / Windows-Symbol-Tables
  Windows symbol tables for Volatility 3
  ☆72Updated 2 months ago
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆191Updated last year
• RussianPanda95 / Yara-Rules
  Repository of Yara Rules
  ☆83Updated last week
• vvelitkn / Evasion-Escaper
  Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…
  ☆100Updated last year
• WithSecureLabs / GarbageMan
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
  ☆114Updated last year
• FarghlyMal / Config-Extractors
  ☆26Updated last month
• fr0gger / MalwareMuncher
  Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…
  ☆42Updated last year
• embee-research / Yara-detection-rules
  Yara Rules for Modern Malware
  ☆68Updated 6 months ago
• jstrosch / sclauncher
  A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …
  ☆121Updated 2 months ago
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆112Updated last year
• malsearchs / Static-Reverse-Engineering-SRE
  SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
  ☆49Updated 11 months ago
• kevthehermit / volatility_symbols
  Volatility Symbol Generator for Linux Kernels
  ☆28Updated 10 months ago
• SafeBreach-Labs / aikido_wiper
  ☆63Updated last year
• forensicxlab / VISION-ProcMon
  A ProcessMonitor visualization application written in rust.
  ☆175Updated last year
• thefLink / Hunt-Weird-Syscalls
  ETW based POC to identify direct and indirect syscalls
  ☆170Updated last year
• leandrofroes / malware-research
  General malware analysis stuff
  ☆35Updated 3 weeks ago
• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆106Updated 2 weeks ago
• hugsy / recon_2024_windbg_workshop
  ☆70Updated 2 months ago
• n1ght-w0lf / Uchihash
  A small utility to deal with malware embedded hashes.
  ☆48Updated last year
• 0vercl0k / pwn2own2023-miami
  Writeups, PoCs of the bugs I found while preparing for the Pwn2Own Miami 2023 contest targeting UaGateway from the OPC UA Server category…
  ☆55Updated last year
• airbus-cert / vbSparkle
  VBScript & VBA source-to-source deobfuscator with partial-evaluation
  ☆72Updated last month
• Nassim-Asrir / CVE-2023-36424
  Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation
  ☆121Updated 6 months ago
• DissectMalware / yaradbg-frontend
  ☆37Updated 7 months ago
• Immersive-Labs-Sec / SliverC2-Forensics
  A collection of tools and detections for the Sliver C2 Frameworj
  ☆104Updated last year