airbus-cert / yara-ttdLinks
Use YARA rules on Time Travel Debugging traces
☆90Updated last year
Alternatives and similar repositories for yara-ttd
Users that are interested in yara-ttd are comparing it to the libraries listed below
Sorting:
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆114Updated 2 years ago
- ☆104Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆115Updated 10 months ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆83Updated last year
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆109Updated 4 years ago
- A tool that automates regex generation for the x86 and x86-64 instruction sets☆72Updated last year
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆174Updated 2 years ago
- Powershell script deobfuscation using AST in Python☆66Updated last year
- VBScript & VBA source-to-source deobfuscator with partial-evaluation☆77Updated 9 months ago
- A golang CLI tool to download malware from a variety of sources.☆146Updated last year
- Powershell Linter☆53Updated last month
- Alternative YARA scanning engine☆70Updated 2 years ago
- ☆73Updated 11 months ago
- ☆158Updated last month
- ETW based POC to identify direct and indirect syscalls☆185Updated 2 years ago
- Malware Configuration Extraction Modules☆50Updated last year
- ☆114Updated 3 weeks ago
- ☆52Updated 7 months ago
- A guide on how to write fast and memory friendly YARA rules☆143Updated 3 months ago
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆62Updated last month
- A collection of modules and scripts to help with analyzing Nim binaries☆73Updated 7 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆144Updated 10 months ago
- MalUnpack companion driver☆98Updated 11 months ago
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.☆61Updated last year
- Sysmon-Like research tool for ETW☆353Updated 2 years ago
- Winbindex bot to pull in binaries for specific releases☆48Updated last year
- ☆223Updated 4 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆77Updated this week
- capemon: CAPE's monitor☆118Updated last week
- 100 Days of YARA to be updated with rules & ideas as the year progresses☆60Updated 2 years ago