aelth / dementia-forensics

Related projects: ⓘ

• Dump-GUY / CAPA_JsonConver
  Converts exported results of CAPA tool from .json format to another formats supporting by different tools.
  ☆21Updated 2 years ago
• hasherezade / tag_converter
  ☆21Updated 3 years ago
• hasherezade / hidden_bee_tools
  Parser for a custom executable format from Hidden Bee malware (first stage)
  ☆39Updated last week
• mandiant / win10_rekall
  Rekall Memory Forensic Framework
  ☆29Updated 5 years ago
• pathtofile / SimpleAmsiProvider
  A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface
  ☆13Updated 4 years ago
• 3xp0rt / ProstoStealer
  ☆11Updated this week
• glinares / CSCGuard
  Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation
  ☆25Updated 6 years ago
• hasherezade / loaderine
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆19Updated 6 years ago
• 0xZ0F / CPPMemory
  Code that can be used as a reference, library, or inspiration for hacking Windows memory.
  ☆50Updated 4 years ago
• libyal / libfwevt
  Library for Windows XML Event Log (EVTX) data types
  ☆16Updated 2 months ago
• fdiskyou / windows-ps-callbacks-experiments
  ☆40Updated this week
• dsnezhkov / HandsFreeCOM
  Self-Loading Registration Free COM Functions
  ☆11Updated 4 years ago
• robindimyan / MalwareVulnerabilitiesExposures
  Malware vulnerability research. Coming soon..
  ☆12Updated 4 years ago
• mgeeky / PEInfo
  Another Portable Executable files analysing stuff
  ☆18Updated 13 years ago
• connormcgarr / Kernel-Escalation-of-Privileges-Payloads
  NT AUTHORITY\SYSTEM
  ☆37Updated 4 years ago
• Cn33liz / HSEVD-VariousExploits
  ☆15Updated this week
• d35ha / xKeLogger
  Kernel mode windows NT API logger
  ☆21Updated 5 years ago
• tbarabosch / apihash_to_yara
  Generates YARA rules to detect malware using API hashing
  ☆17Updated 3 years ago
• yardenshafir / CallbackObjectAnalyzer
  Dumps information about all the callback objects found in a dump file and the functions registered for them
  ☆32Updated 3 years ago
• jthuraisamy / av-fingerprints
  Antivirus Emulator Fingerprints
  ☆25Updated 5 years ago
• vineetgaurav / WIN_JELLY
  Windows GPU rootkit PoC by Team Jellyfish
  ☆35Updated 9 years ago
• DimopoulosElias / Primitives
  ☆31Updated 4 years ago
• NtRaiseHardError / Phage
  Reflective DLL Injection style process infector
  ☆19Updated 6 years ago
• nccgroup / WindowsMemPageDelta
  A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection
  ☆28Updated 3 years ago
• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆40Updated last year
• ch3rn0byl / WinDbg-Extensions
  ☆17Updated 3 years ago
• DissectMalware / npp-langs-4-sec
  Notepad++ Syntax Highlighting for Languages Used by Cyber Security Professionals
  ☆14Updated 4 years ago
• NexusFuzzy / NanoDump
  Tool to decrypt the configuration of NanoCore and dump all used plugins
  ☆10Updated 3 years ago
• alfarom256 / PebLdr
  ☆15Updated 3 years ago