Alternatives and similar repositories for maldoca

Users that are interested in maldoca are comparing it to the libraries listed below

• google / vxsig
  Automatically generate AV byte signatures from sets of similar binaries.
  ☆274Updated 6 months ago
• avast / yaramod
  Parsing of YARA rules into AST and building new rulesets in C++.
  ☆124Updated this week
• libyal / libscca
  Library and tools to access the Windows Prefetch File (SCCA) format.
  ☆75Updated 6 months ago
• hatching / roach
  Cockroach is your primitive & immortal swiss army knife.
  ☆49Updated 3 years ago
• ohjeongwook / ShellCodeEmulator
  Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment
  ☆123Updated 4 years ago
• mandiant / capa-testfiles
  Data to test capa's code and rules.
  ☆42Updated last week
• Sentinel-One / SKREAM
  SentinelOne's KeRnel Exploits Advanced Mitigations
  ☆54Updated 6 years ago
• trendmicro / telfhash
  Symbol hash for ELF files
  ☆111Updated 3 years ago
• kevoreilly / capemon
  capemon: CAPE's monitor
  ☆123Updated this week
• hasherezade / pe_utils
  A set of small utilities, helpers for PIN tracers
  ☆33Updated last year
• williballenthin / viv-utils
  Utilities for working with vivisect
  ☆25Updated 3 months ago
• tyranid / DumpReparsePoints
  This is a simple tool to dump all the reparse points on an NTFS volume.
  ☆33Updated 4 years ago
• hasherezade / pe2pic
  Small visualizator for PE files
  ☆69Updated last year
• MathildeVenault / SysMainView
  This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …
  ☆31Updated 4 years ago
• intel471 / coderex
  A tool that automates regex generation for the x86 and x86-64 instruction sets
  ☆73Updated last year
• immortalp0ny / yarg
  Yet another rule generator for Yara
  ☆29Updated 3 weeks ago
• avast / yarang
  Alternative YARA scanning engine
  ☆70Updated 2 years ago
• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆55Updated 2 years ago
• mandiant / flare-kscldr
  FLARE Kernel Shellcode Loader
  ☆178Updated 6 years ago
• kobykahane / NpEtw
  Named pipe I/O ETW provider for Windows
  ☆70Updated 4 years ago
• avast / yari
  YARI is an interactive debugger for YARA Language.
  ☆88Updated last week
• c3rb3ru5d3d53c / karton-unpacker
  A modular Karton Framework service that unpacks common packers like UPX and others using the Qiling Framework.
  ☆58Updated 4 years ago
• nccgroup / WindowsJobLock
  Windows Process Lockdown Tool using Job Objects
  ☆69Updated 11 years ago
• CAPESandbox / community
  Community modules for CAPE Sandbox
  ☆100Updated last week
• hfiref0x / MpEnum
  Enumerate Windows Defender threat families and dump their names according category
  ☆90Updated 6 years ago
• microsoft / SysmonCommon
  The common parts of the Sysinternals Sysmon tool shared between the Windows and Linux versions.
  ☆63Updated 5 months ago
• intezer / analyze-community-ghidra-plugin
  Ghidra plugin for https://analyze.intezer.com
  ☆71Updated 2 years ago
• libyal / libmdmp
  Library and tools to access the Windows Minidump (MDMP) format
  ☆43Updated 11 months ago
• CERT-Polska / ursadb
  Trigram database written in C++, suited for malware indexing
  ☆125Updated 8 months ago
• zodiacon / syllabi
  ☆62Updated last year