fkie-cad / yapscan
Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.
☆57Updated last year
Related projects ⓘ
Alternatives and complementary repositories for yapscan
- ☆82Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆146Updated 3 weeks ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- ☆128Updated 2 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆99Updated last year
- ☆67Updated last year
- ☆139Updated last year
- ☆33Updated 2 years ago
- Lists of AMSI triggers (VBA, JScript / VBScript)☆32Updated 5 years ago
- Experiment on reproducing Obfuscate & Sleep☆138Updated 3 years ago
- ☆111Updated 2 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆97Updated last year
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆97Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆153Updated 3 years ago
- Overwrite a process's recovery callback and execute with WER☆102Updated 2 years ago
- ☆160Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆162Updated last year
- Go implementation of the Heaven's Gate technique☆94Updated 3 years ago
- Finding secrets in kernel and user memory☆113Updated last year
- Simple EDR implementation to demonstrate bypass☆159Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆97Updated 3 years ago
- Detect strange memory regions and DLLs☆168Updated 2 years ago
- Windows (ShadowMove) Socket Duplication☆78Updated 4 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs☆117Updated 2 years ago
- Use YARA rules on Time Travel Debugging traces☆85Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆49Updated last year
- signed-loaders documents Windows executables that can be used for side-loading DLLs.☆67Updated 5 years ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆82Updated last year