Velocidex / Linpmem
Linpmem is a Linux memory acquisition tool.
Related projects:
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!
- bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security profes…
- Use YARA rules on Time Travel Debugging traces
- An automation plugin for the Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
- PowerShell linter
- Malware analysis tools
- Windows symbol tables for Volatility 3
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner.
- Repository of YARA rules
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…
- YARA rules for modern malware
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …
- Finding secrets in kernel and user memory
- SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
- Volatility symbol generator for Linux kernels
- A Process Monitor visualization application written in Rust.
- ETW-based PoC to identify direct and indirect syscalls
- General malware analysis stuff
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
- A small utility to deal with malware-embedded hashes.
- Writeups and PoCs of the bugs I found while preparing for the Pwn2Own Miami 2023 contest targeting UaGateway from the OPC UA Server category…
- VBScript & VBA source-to-source deobfuscator with partial evaluation
- Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation
- A collection of tools and detections for the Sliver C2 Framework