Alternatives and similar repositories for yapscan

Users that are interested in yapscan are comparing it to the libraries listed below

• scrt / avdebugger
  ☆96Updated 3 years ago
• joe-desimone / patriot
  ☆142Updated 2 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆64Updated 2 years ago
• CCob / SylantStrike
  Simple EDR implementation to demonstrate bypass
  ☆173Updated 5 years ago
• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆167Updated 2 months ago
• synacktiv / AMSI-Bypass
  Lists of AMSI triggers (VBA, JScript / VBScript)
  ☆33Updated 5 years ago
• boku7 / HellsGatePPID
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆103Updated 2 years ago
• n1ght-w0lf / Uchihash
  A small utility to deal with malware embedded hashes.
  ☆51Updated last year
• CymulateResearch / Blindside
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆128Updated 2 years ago
• nettitude / RunOF
  ☆146Updated 2 years ago
• netbiosX / AMSI-Provider
  A fake AMSI Provider which can be used for persistence.
  ☆151Updated 4 years ago
• y11en / FOLIAGE
  Experiment on reproducing Obfuscate & Sleep
  ☆145Updated 4 years ago
• t-tani / defender2yara
  Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules
  ☆88Updated this week
• waldo-irc / MalMemDetect
  Detect strange memory regions and DLLs
  ☆184Updated 3 years ago
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆123Updated 2 years ago
• t0-retooling / defender-recon24
  ☆52Updated 8 months ago
• pathtofile / SealighterTI
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆176Updated 2 years ago
• vvelitkn / Evasion-Escaper
  Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…
  ☆106Updated 4 months ago
• RedTeamOperations / Journey-to-McAfee
  ☆113Updated 3 years ago
• matterpreter / FindETWProviderImage
  Quickly search for references to a GUID in DLLs, EXEs, and drivers
  ☆74Updated 3 years ago
• xforcered / Detect-Hooks
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆101Updated 3 years ago
• RedTeamOperations / VEH-PoC
  ☆114Updated 2 years ago
• thefLink / Hunt-Weird-Syscalls
  ETW based POC to identify direct and indirect syscalls
  ☆187Updated 2 years ago
• RiccardoAncarani / TaskShell
  ☆57Updated 4 years ago
• outflanknl / TamperETW
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆188Updated 5 years ago
• mdsecactivebreach / firewalker
  ☆151Updated 4 years ago
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆116Updated last year
• elastic / PPLGuard
  ☆70Updated 4 months ago
• airbus-cert / vbSparkle
  VBScript & VBA source-to-source deobfuscator with partial-evaluation
  ☆77Updated 10 months ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆51Updated last year