airbus-cert / vbSparkle
VBScript & VBA source-to-source deobfuscator with partial-evaluation
☆72Updated last month
Related projects: ⓘ
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆105Updated 2 months ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆114Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆80Updated last year
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆157Updated last year
- Small visualizator for PE files☆66Updated 11 months ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆114Updated 2 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆50Updated 2 years ago
- Use YARA rules on Time Travel Debugging traces☆86Updated last year
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆61Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆145Updated 8 months ago
- Finding secrets in kernel and user memory☆112Updated last year
- Powershell Linter☆46Updated 2 months ago
- Winbindex bot to pull in binaries for specific releases☆44Updated last year
- A simple commandline application to automatically decrypt strings from Obfuscator protected binaries☆38Updated 3 months ago
- ☆97Updated last year
- Repo containing my public talks☆22Updated last year
- ☆22Updated 3 months ago
- ☆123Updated 2 years ago
- ☆150Updated 4 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆190Updated last year
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆100Updated last year
- Unpacking and decryption tools for the Emotet malware☆46Updated 2 years ago
- Reverse Engineering and Debugging Malware☆28Updated last year
- ☆19Updated 9 months ago
- ETW based POC to identify direct and indirect syscalls☆170Updated last year
- Powershell script deobfuscation using AST in Python☆61Updated 8 months ago
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…☆42Updated last year
- ☆50Updated this week
- Yara Rules for Modern Malware☆68Updated 6 months ago
- C# Utilities for Windows Notification Facility☆122Updated 4 months ago