fkie-cad / yapscan
Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.
☆59Updated last year
Related projects ⓘ
Alternatives and complementary repositories for yapscan
- ☆82Updated 2 years ago
- ☆128Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆147Updated last month
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆99Updated last year
- ETW based POC to identify direct and indirect syscalls☆173Updated last year
- ☆67Updated last year
- ☆139Updated last year
- Simple EDR implementation to demonstrate bypass☆159Updated 4 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆97Updated last year
- Experiment on reproducing Obfuscate & Sleep☆139Updated 3 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆153Updated 3 years ago
- ☆112Updated 2 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆97Updated 2 years ago
- ☆160Updated 2 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆111Updated last year
- PoC to demonstrate how CLR ETW events can be tampered.☆185Updated 4 years ago
- Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.☆121Updated 2 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆163Updated last year
- ☆106Updated last year
- Overwrite a process's recovery callback and execute with WER☆102Updated 2 years ago
- A fake AMSI Provider which can be used for persistence.☆139Updated 3 years ago
- ☆73Updated last year
- A Poc on blocking Procmon from monitoring network events☆98Updated 2 years ago
- Small visualizator for PE files☆67Updated last year
- Finding secrets in kernel and user memory☆113Updated last year
- Shellcode injector using direct syscalls☆117Updated 4 years ago
- Inter-Process Communication Mechanisms☆24Updated 4 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆110Updated last year