felixweyne / ProcessSpawnControlLinks
Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launched processes, and gives the analyst the option to either keep the process suspended, or to resume it.
☆263Updated 3 years ago
Alternatives and similar repositories for ProcessSpawnControl
Users that are interested in ProcessSpawnControl are comparing it to the libraries listed below
Sorting:
- Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques …☆289Updated 8 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆220Updated 5 years ago
- Miscellaneous Malware RE☆196Updated 3 years ago
- Live hunting of code injection techniques☆383Updated 5 years ago
- ☆134Updated 6 years ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆139Updated 2 years ago
- snake - a malware storage zoo☆216Updated 2 years ago
- Python script to decode common encoded PowerShell scripts☆216Updated 7 years ago
- ☆427Updated 2 years ago
- ☆83Updated 5 years ago
- c2 traffic☆189Updated 2 years ago
- ☆218Updated 7 years ago
- Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.☆277Updated 3 years ago
- Generating YARA rules based on binary code☆213Updated 3 years ago
- A YARA-integrated process denial framework for Windows☆396Updated 5 years ago
- Parse evtx files and detect use of the DanderSpritz eventlogedit module☆148Updated 7 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆447Updated 2 years ago
- ☆278Updated 2 years ago
- Lazy Office Analyzer☆122Updated 8 years ago
- YARA malware query accelerator (web frontend)☆433Updated 4 months ago
- A tool for de-obfuscating PowerShell scripts☆69Updated 6 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆108Updated 4 years ago
- PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.☆421Updated 5 years ago
- ☆351Updated 4 years ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- For all these times you're asking yourself "what is this panel again?"☆257Updated 2 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- Reconstruct process trees from event logs☆146Updated 4 years ago
- Various scripts for different malware families☆106Updated 4 years ago