forensicxlab / VISION-ProcMon
A ProcessMonitor visualization application written in rust.
☆178Updated last year
Alternatives and similar repositories for VISION-ProcMon:
Users that are interested in VISION-ProcMon are comparing it to the libraries listed below
- A C# based tool for analysing malicious OneNote documents☆113Updated 2 years ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆237Updated 3 weeks ago
- ☆201Updated 5 months ago
- ☆218Updated 2 months ago
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆160Updated 3 weeks ago
- A collection of tools, scripts and personal research☆127Updated 2 weeks ago
- Python tool to check rootkits in Windows kernel☆196Updated last month
- LOLESXi is a curated compilation of binaries/scripts available in VMware ESXi that are were used to by adversaries in their intrusions. T…☆123Updated 3 months ago
- Repository of Yara Rules☆110Updated 2 weeks ago
- ☆245Updated 11 months ago
- Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.☆175Updated this week
- A collection of tools and detections for the Sliver C2 Frameworj☆123Updated 2 years ago
- ☆136Updated 2 years ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆208Updated last year
- Configuration Extractors for Malware☆102Updated this week
- A suite of tools to disrupt campaigns using the Sliver C2 framework.☆271Updated last year
- Active C&C Detector☆153Updated last year
- ☆157Updated last year
- ☆298Updated 5 months ago
- A collection of small scripts and tools for deobfuscation and malware analysis.☆66Updated 2 years ago
- Finding secrets in kernel and user memory☆115Updated last year
- Dump quarantined files from Windows Defender☆62Updated 3 years ago
- Tools for analyzing EDR agents☆228Updated 10 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆311Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆82Updated last year
- ☆117Updated last year
- Rules shared by the community from 100 Days of YARA 2024☆85Updated 3 months ago
- ☆66Updated 2 years ago
- Initial triage of Windows Event logs☆97Updated 10 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆142Updated 9 months ago