Use YARA rules on Time Travel Debugging traces
☆96Jul 11, 2023Updated 2 years ago
Alternatives and similar repositories for yara-ttd
Users that are interested in yara-ttd are comparing it to the libraries listed below
Sorting:
- This tool calculates tricky canonical huffman histogram for CVE-2023-4863.☆26Dec 20, 2023Updated 2 years ago
- Extract data of TTD trace file to a minidump☆30Jul 31, 2023Updated 2 years ago
- ☆17Jun 30, 2020Updated 5 years ago
- Automatically generate AV byte signatures from sets of similar binaries.☆288Dec 10, 2024Updated last year
- A python library for generate ida pro files (*.idb/*.i64) in batch mode & compare executable files use bindiff in batch mode.☆32Jul 9, 2025Updated 8 months ago
- Tools for offensive security of NetBackup infrastructures☆43Jun 6, 2023Updated 2 years ago
- Automation script to download JSON MISP files from a SFTP server and import them via API to a MISP instance.☆15May 12, 2023Updated 2 years ago
- PoC compilation of libyara into WASM, for potential future CyberChef integration☆14Sep 18, 2022Updated 3 years ago
- Official VirusTotal plugin for IDA Pro☆179Feb 4, 2026Updated last month
- 关于intel和amd指令行为不一样这件事☆62Apr 15, 2022Updated 3 years ago
- Bindings for Microsoft WinDBG TTD☆235Aug 5, 2023Updated 2 years ago
- Show all mapped memory in a process☆22Oct 27, 2023Updated 2 years ago
- FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval.☆19Feb 12, 2026Updated 3 weeks ago
- 基于UC的启发式杀毒引擎[还没做完]☆35Mar 28, 2021Updated 4 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- VBScript & VBA source-to-source deobfuscator with partial-evaluation☆80Aug 7, 2024Updated last year
- 一款linux下的安全产品目的是满足个人安全需求有SSH爆破防护和SYN攻击扫描防护功能,基于netfilter,☆23Dec 2, 2023Updated 2 years ago
- IDA Pro plugin for recognizing known hashes of API function names☆83May 12, 2022Updated 3 years ago
- Time Travel Debugging IDA plugin☆592Jun 27, 2024Updated last year
- Use WinDBG to trace the Windows API calls of any Portable Executable file☆32Apr 13, 2017Updated 8 years ago
- A program to read and modify the memory of other processes.☆20May 19, 2023Updated 2 years ago
- ☆90Feb 12, 2025Updated last year
- A Windows kernel dump C++ parser library with Python 3 bindings.☆213Oct 5, 2025Updated 5 months ago
- Structured Bindings Pack - serialize C++ structs into MessagePack binary form☆21Nov 4, 2020Updated 5 years ago
- A small tool to unmap PE memory dumps.☆11Nov 9, 2023Updated 2 years ago
- POC for CVE-2023-29360☆12Aug 31, 2024Updated last year
- A fast execution trace symbolizer for Windows.☆130May 6, 2024Updated last year
- ☆21Oct 4, 2015Updated 10 years ago
- Powershell Linter☆89Updated this week
- ☆61May 25, 2022Updated 3 years ago
- Alternative YARA scanning engine☆73Aug 23, 2022Updated 3 years ago
- An eBPF detection program for CVE-2022-0847☆29Jul 5, 2022Updated 3 years ago
- Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersec…☆15Jul 19, 2025Updated 7 months ago
- Windows Kernel Mode PCRE☆10Feb 4, 2015Updated 11 years ago
- DbgFlashVul☆12Sep 8, 2015Updated 10 years ago
- X32DBG QT5 parsing scripts☆11Sep 8, 2022Updated 3 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Feb 26, 2026Updated last week
- Detect VM and Hypervisor☆10Jun 16, 2021Updated 4 years ago
- ☆11Jan 8, 2022Updated 4 years ago