YoavLevi / IAT-TracerLinks
An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files.
☆120Updated last year
Alternatives and similar repositories for IAT-Tracer
Users that are interested in IAT-Tracer are comparing it to the libraries listed below
Sorting:
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆118Updated 2 years ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆128Updated last week
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆83Updated 2 years ago
- Recon 2023 slides and code☆80Updated 2 years ago
- ☆114Updated 3 months ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆33Updated 6 years ago
- IDA Pro plugin to aid with the analysis of native IIS modules☆19Updated last year
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆107Updated 8 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆124Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆114Updated 2 years ago
- ☆71Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆187Updated 2 years ago
- ☆74Updated last year
- VBScript & VBA source-to-source deobfuscator with partial-evaluation☆80Updated last year
- A command line Windows API tracing tool for Golang binaries.☆157Updated last year
- ☆53Updated last year
- ☆83Updated 2 months ago
- A simple commandline application to automatically decrypt strings from Obfuscator protected binaries☆47Updated last year
- Windows x64 kernel mode rootkit process hollowing POC.☆188Updated 2 years ago
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)☆126Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆107Updated 2 months ago
- ☆147Updated 3 years ago
- A Python script to download PDB files associated with a Portable Executable (PE)☆125Updated 8 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆78Updated 4 months ago
- Exploitable drivers, you know what I mean☆153Updated 3 weeks ago
- ☆106Updated 11 months ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆190Updated 2 years ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆117Updated last year
- HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion☆61Updated 6 months ago
- A dynamic unpacking tool☆141Updated 2 years ago