GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
☆119Apr 8, 2023Updated 2 years ago
Alternatives and similar repositories for GarbageMan
Users that are interested in GarbageMan are comparing it to the libraries listed below
Sorting:
- MalUnpack companion driver☆99Jun 17, 2024Updated last year
- The FLARE team's open-source library to disassemble Common Intermediate Language (CIL) instructions.☆171Feb 5, 2026Updated 3 weeks ago
- ☆37Dec 27, 2021Updated 4 years ago
- ☆115Feb 13, 2026Updated 2 weeks ago
- Parse .NET executable files.☆85Jan 31, 2026Updated last month
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- Maltego transforms to pivot between PE files based on their VirusTotal codeblocks☆19Jul 15, 2021Updated 4 years ago
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- IDA Pro plugin for recognizing known hashes of API function names☆83May 12, 2022Updated 3 years ago
- A modular Karton Framework service that unpacks common packers like UPX and others using the Qiling Framework.☆58May 24, 2021Updated 4 years ago
- Dynamic unpacker based on PE-sieve☆796Sep 13, 2025Updated 5 months ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- DLL hijacking vulnerability scanner and PE infector tool☆20Sep 8, 2017Updated 8 years ago
- An automatic unpacker and logger for DotNet Framework targeting files☆264Aug 23, 2023Updated 2 years ago
- a PE Loader and Windows API tracer. Useful in malware analysis.☆143Sep 19, 2022Updated 3 years ago
- A DTrace on Windows Reimplementation☆369Feb 3, 2026Updated 3 weeks ago
- ☆72Feb 28, 2023Updated 3 years ago
- Imphash-like calculation on Golang binaries☆49Jul 2, 2022Updated 3 years ago
- A code parser for C-Style header files that lets you to parse function's prototypes and data types used in their parameters.☆94Apr 17, 2022Updated 3 years ago
- A utility to fix intentionally corrupted UPX packed files.☆94May 22, 2023Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆293Jul 15, 2023Updated 2 years ago
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…☆855Feb 2, 2024Updated 2 years ago
- Proof of concept - Covert Channel using Windows Filtering Platform (C#)☆21Aug 29, 2021Updated 4 years ago
- ☆29Nov 22, 2023Updated 2 years ago
- ☆181Apr 24, 2025Updated 10 months ago
- Killing your preferred antimalware by abusing native symbolic links and NT paths.☆358Jan 29, 2022Updated 4 years ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆111Apr 20, 2021Updated 4 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis☆12Oct 1, 2022Updated 3 years ago
- A command line Windows API tracing tool for Golang binaries.☆159Dec 4, 2023Updated 2 years ago
- How to spoof the command line when spawning a new process from C#.☆110Dec 28, 2021Updated 4 years ago
- ☆20Jul 23, 2023Updated 2 years ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆74Dec 10, 2021Updated 4 years ago
- Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff☆57Sep 15, 2025Updated 5 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- ☆127Feb 9, 2026Updated 2 weeks ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆806Mar 16, 2024Updated last year
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆553Apr 8, 2025Updated 10 months ago
- .NET deobfuscator and unpacker (with a control flow unflattener for DoubleZero added).☆29Jun 14, 2022Updated 3 years ago