Alternatives and similar repositories for maldoca

Users that are interested in maldoca are comparing it to the libraries listed below

• avast / yaramod
  Parsing of YARA rules into AST and building new rulesets in C++.
  ☆129Updated this week
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆81Updated last week
• MathildeVenault / SysMainView
  This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …
  ☆32Updated 5 years ago
• google / vxsig
  Automatically generate AV byte signatures from sets of similar binaries.
  ☆284Updated last year
• airbus-cert / yara-ttd
  Use YARA rules on Time Travel Debugging traces
  ☆96Updated 2 years ago
• hasherezade / pe2pic
  Small visualizator for PE files
  ☆70Updated 2 years ago
• avast / yarang
  Alternative YARA scanning engine
  ☆73Updated 3 years ago
• intel471 / coderex
  A tool that automates regex generation for the x86 and x86-64 instruction sets
  ☆71Updated last year
• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆55Updated 3 years ago
• mandiant / capa-testfiles
  Data to test capa's code and rules.
  ☆46Updated last week
• ohjeongwook / ShellCodeEmulator
  Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment
  ☆124Updated 5 years ago
• kevoreilly / capemon
  capemon: CAPE's monitor
  ☆142Updated this week
• palantir / exploitguard
  Documentation and supporting script sample for Windows Exploit Guard
  ☆161Updated 3 months ago
• hfiref0x / MpEnum
  Enumerate Windows Defender threat families and dump their names according category
  ☆93Updated 6 years ago
• libyal / libmdmp
  Library and tools to access the Windows Minidump (MDMP) format
  ☆44Updated last week
• hasherezade / pe_utils
  A set of small utilities, helpers for PIN tracers
  ☆35Updated 2 months ago
• zodiacon / syllabi
  ☆63Updated last year
• libyal / winevt-kb
  Windows Event Log Knowledge Base
  ☆28Updated 2 weeks ago
• mandiant / win10_rekall
  Rekall Memory Forensic Framework
  ☆33Updated 6 years ago
• kobykahane / NpEtw
  Named pipe I/O ETW provider for Windows
  ☆71Updated 5 years ago
• ITAYC0HEN / SUNBURST-Cracked
  The following repository contains a modified version of SUNBURST with cracekd hashes, comments and annotations.
  ☆56Updated 4 years ago
• fr0gger / unprotect
  Unprotect is a python tool for parsing PE malware and extract evasion techniques.
  ☆119Updated 2 years ago
• hatching / roach
  Cockroach is your primitive & immortal swiss army knife.
  ☆49Updated 4 years ago
• ulexec / EmotetCFU
  WIP Emotet Control Flow Unflattening using miasm and radare2
  ☆23Updated 2 years ago
• nccgroup / WindowsJobLock
  Windows Process Lockdown Tool using Job Objects
  ☆70Updated 12 years ago
• ionescu007 / hazmat5
  Local OXID Resolver (LCLOR) : Research and Tooling
  ☆36Updated 4 years ago
• redcanaryco / exploit-primitive-playground
  ☆64Updated last year
• DownWithUp / CallMon
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆144Updated 5 years ago
• avast / yls
  YARA Language Server
  ☆75Updated 3 weeks ago
• hillu / yara-rules-re
  Tools for inspecting YARA bytecode
  ☆21Updated 5 years ago