bontchev / pcodedmp
A VBA p-code disassembler
☆450 Updated 3 years ago
Related projects:
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents. ☆272 Updated 2 years ago
- A VBA p-code decompiler based on pcodedmp ☆106 Updated 3 years ago
- A VBA parser and emulation engine to analyze malicious macros. ☆1,044 Updated 2 months ago
- A VBA implementation of the RunPE technique or how to bypass application whitelisting. ☆786 Updated 4 years ago
- VBA Dynamic Hook dynamically analyzes VBA macros inside Office documents by hooking function calls ☆145 Updated 8 years ago
- VBA Obfuscation Tools combined with an MS office document generator ☆525 Updated 6 years ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) ☆568 Updated 4 months ago
- Pafish Macro is a macro-enabled Office document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques … ☆278 Updated 7 years ago
- ☆415 Updated last year
- A tool for detecting VBA stomping. ☆95 Updated 2 years ago
- Command-line low-level file extractor for NTFS ☆272 Updated 5 years ago
- ☆210 Updated this week
- ☆258 Updated this week
- Windows registry file format specification ☆319 Updated 5 years ago
- Extract embedded files and macros from office documents. ☆177 Updated 9 months ago
- PoC of a VBA macro spawning a process with a spoofed parent and command line. ☆372 Updated 4 years ago
- PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode. ☆621 Updated last month
- ☆723 Updated last year
- Tool suite for inspecting NTFS artifacts. ☆213 Updated 10 months ago
- YARA malware query accelerator (web frontend) ☆407 Updated this week
- PowerShell script for deobfuscating encoded PowerShell scripts ☆416 Updated 3 years ago
- Imaginary C2 is a Python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts an HTTP server which … ☆444 Updated last year
- Quickly debug shellcode extracted during malware analysis ☆547 Updated last year
- Regipy is an OS-independent Python library for parsing offline registry hives ☆240 Updated 3 weeks ago
- Allows you to quickly query a Windows machine for RAM artifacts ☆218 Updated 4 years ago
- A VBA parser and emulation engine to analyze malicious macros. ☆90 Updated this week
- Lnk Explorer Command line edition!! ☆261 Updated 3 months ago
- ☆470 Updated 6 years ago
- A list of ways to execute code on Windows using legitimate Windows tools ☆301 Updated 5 years ago
- ☆293 Updated 4 years ago