felixweyne / ProcessSpawnControl
Process Spawn Control (PsC) is a PowerShell tool that aims to help with the behavioral (process) analysis of malware. PsC suspends newly launched processes and gives the analyst the option either to keep each process suspended or to resume it.
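The mechanism described above, as an added example written for this page (it is not ProcessSpawnControl's own code): a WMI process-start indication (`Win32_ProcessStartTrace`) is subscribed to, every new process whose image name is on a watch list is suspended with the undocumented `ntdll!NtSuspendProcess`, and the analyst is prompted to resume, kill, or leave it suspended. The watch list, the `PsC.Start` subscription name and the prompt choices are assumptions for illustration. It assumes an elevated Windows PowerShell or PowerShell 7 session (the `Win32_ProcessStartTrace` provider requires administrator rights) and that the target is not a protected process.

```powershell
# Added example, not ProcessSpawnControl's own code. Requires an elevated session.
# NtSuspendProcess/NtResumeProcess are undocumented ntdll exports; they return an NTSTATUS (0 = success).
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class NtProc {
    [DllImport("ntdll.dll")] public static extern int NtSuspendProcess(IntPtr hProcess);
    [DllImport("ntdll.dll")] public static extern int NtResumeProcess(IntPtr hProcess);
}
'@

# Illustrative watch list (assumption): only these image names are gated, everything else runs untouched.
$Watch = @('powershell.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe')

# Subscribe to process-start indications from the kernel process trace (works in PS 5.1 and PS 7).
Register-CimIndicationEvent -Query 'SELECT * FROM Win32_ProcessStartTrace' -SourceIdentifier 'PsC.Start'
Write-Host "Watching for: $($Watch -join ', ')  (Ctrl+C to stop)"

try {
    while ($true) {
        # Block until the next start event is queued, then dequeue it.
        $e = Wait-Event -SourceIdentifier 'PsC.Start'
        Remove-Event -EventIdentifier $e.EventIdentifier

        $new    = $e.SourceEventArgs.NewEvent
        $newPid = [int]$new.ProcessID          # note: $PID is an automatic variable, so avoid that name
        $name   = [string]$new.ProcessName

        if ($Watch -notcontains $name.ToLower()) { continue }

        # The process may already have exited (short-lived helpers are common); skip it if so.
        try { $proc = Get-Process -Id $newPid -ErrorAction Stop }
        catch { Write-Warning "PID $newPid ($name) exited before it could be suspended"; continue }

        # Freeze every thread in the target so the analyst can inspect it before it does anything further.
        $status = [NtProc]::NtSuspendProcess($proc.Handle)
        if ($status -ne 0) {
            Write-Warning ("NtSuspendProcess failed for PID {0}: 0x{1:X8}" -f $newPid, $status)
            continue
        }

        $cmdline = (Get-CimInstance Win32_Process -Filter "ProcessId = $newPid").CommandLine
        Write-Host ""
        Write-Host "[SUSPENDED] PID $newPid $name  (parent PID $($new.ParentProcessID))"
        Write-Host "  command line: $cmdline"

        switch (Read-Host '  [r]esume, [k]ill, or Enter to leave it suspended') {
            'r'     { [void][NtProc]::NtResumeProcess($proc.Handle); Write-Host '  resumed' }
            'k'     { Stop-Process -Id $newPid -Force;               Write-Host '  terminated' }
            default { Write-Host '  left suspended (resume later with NtResumeProcess or kill it)' }
        }
    }
}
finally {
    Unregister-Event -SourceIdentifier 'PsC.Start' -ErrorAction SilentlyContinue
}
```

Two caveats matter in practice. The indication is delivered after the process has already started, so the sample executes for a short window before the suspend lands; this catches what the process does next, not its first instructions. And because the prompt blocks the loop, any other watched process that starts while the analyst is deciding keeps running until its queued event is handled.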
Related projects
Alternatives and complementary repositories for ProcessSpawnControl
- Allows you to quickly query a Windows machine for RAM artifacts
- Live hunting of code injection techniques
- SysmonX - An Augmented Drop-In Replacement of Sysmon
- Python script to decode common encoded PowerShell scripts
- Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques …
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …
- C2 traffic
- Log newly created WMI consumers and processes to the Windows Application event log
- Miscellaneous Malware RE
- A list of ways to execute code on Windows using legitimate Windows tools
- Generating YARA rules based on binary code
- PowerShell script for deobfuscating encoded PowerShell scripts
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…
- Reconstruct process trees from event logs
- A repository that maps API calls to Sysmon Event IDs
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication
- "Evolving AppCompat/AmCache data analysis beyond grep"
- Documentation and supporting script sample for Windows Exploit Guard
- A VBA parser and emulation engine to analyze malicious macros
- Sysmon Tools for PowerShell
- A tool for de-obfuscating PowerShell scripts
- Neutering Sysmon via driver unload
- Imaginary C2 is a Python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …