fkie-cad / yapscan
Yapscan is a YAra-based Process SCANner, aimed at giving more control over what to scan and producing detailed reports on matches.
☆61, updated 2 years ago
Alternatives and similar repositories for yapscan
Users who are interested in yapscan are comparing it to the repositories listed below.
- Detect strange memory regions and DLLs (☆185, updated 3 years ago)
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles (☆173, updated last month)
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers (☆64, updated 3 years ago)
- Simple EDR implementation to demonstrate bypass (☆173, updated 5 years ago)
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… (☆107, updated 5 months ago)
- Finding secrets in kernel and user memory (☆116, updated last year)
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures. (☆118, updated 4 years ago)
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider (☆178, updated 2 years ago)
- ETW based POC to identify direct and indirect syscalls (☆187, updated 2 years ago)
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. (☆117, updated 3 years ago)
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. (☆102, updated 3 years ago)
- Enumerate various traits from Windows processes as an aid to threat hunting (☆187, updated 3 years ago)
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections won't be shared (☆89, updated last year)
- Experiment on reproducing Obfuscate & Sleep (☆146, updated 4 years ago)
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules (☆100, updated this week)
- A fake AMSI Provider which can be used for persistence. (☆151, updated 4 years ago)
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms (☆130, updated 2 years ago)
- Client/server code that impersonates TLS 1.3 to disguise C2 activity. (☆70, updated 3 years ago)
- Inter-Process Communication Mechanisms (☆28, updated 4 years ago)
- Building and Executing Position Independent Shellcode from Object Files in Memory (☆156, updated 4 years ago)
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… (☆164, updated 2 years ago)
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space (☆123, updated 2 years ago)