felixweyne / ProcessSpawnControl
Process Spawn Control is a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launched processes, and gives the analyst the option to either keep the process suspended, or to resume it.
☆261Updated 3 years ago
Alternatives and similar repositories for ProcessSpawnControl:
Users that are interested in ProcessSpawnControl are comparing it to the libraries listed below
- Allows you to quickly query a Windows machine for RAM artifacts☆221Updated 4 years ago
- Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques …☆281Updated 7 years ago
- Generating YARA rules based on binary code☆208Updated 3 years ago
- Python script to decode common encoded PowerShell scripts☆216Updated 6 years ago
- Miscellaneous Malware RE☆195Updated 2 years ago
- ☆350Updated 4 years ago
- Live hunting of code injection techniques☆380Updated 5 years ago
- c2 traffic☆188Updated 2 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆214Updated 5 years ago
- ☆216Updated 7 years ago
- ☆134Updated 6 years ago
- Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant☆236Updated 2 years ago
- FileInsight-plugins: decoding toolbox of McAfee FileInsight hex editor for malware analysis☆161Updated 4 months ago
- FCL (Fileless Command Lines) - Known command lines of fileless malicious executions☆467Updated 4 years ago
- ☆276Updated 2 years ago
- ☆429Updated last year
- ☆125Updated 2 months ago
- Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect …☆137Updated 2 years ago
- A tool for de-obfuscating PowerShell scripts☆68Updated 6 years ago
- A list of ways to execute code on Windows using legitimate Windows tools☆307Updated 5 years ago
- Neutering Sysmon via driver unload☆228Updated 2 years ago
- Static based decoders for malware samples☆93Updated 4 years ago
- A modern Python-3-based alternative to RegRipper☆194Updated 3 weeks ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆151Updated 4 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆447Updated 2 years ago
- For all these times you're asking yourself "what is this panel again?"☆255Updated last year
- ☆302Updated 4 years ago
- Log newly created WMI consumers and processes to the Windows Application event log☆124Updated 7 years ago
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- Sysmon Tools for PowerShell☆229Updated 6 years ago