PE-bear (builds only)
☆781Jun 4, 2023Updated 2 years ago
Alternatives and similar repositories for pe-bear-releases
Users that are interested in pe-bear-releases are comparing it to the libraries listed below
Sorting:
- Portable Executable parsing library (from PE-bear)☆660Oct 4, 2025Updated 5 months ago
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,318Oct 31, 2025Updated 4 months ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,570Oct 31, 2025Updated 4 months ago
- Dynamic unpacker based on PE-sieve☆798Sep 13, 2025Updated 6 months ago
- Portable Executable reversing tool with a friendly GUI☆3,503Nov 2, 2025Updated 4 months ago
- A Pin Tool for tracing API calls etc☆1,625Feb 8, 2026Updated last month
- Converts PE into a shellcode☆2,753Aug 30, 2025Updated 6 months ago
- Materials for Windows Malware Analysis training (volume 1)☆2,028Jul 1, 2024Updated last year
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl☆1,335Mar 7, 2026Updated last week
- Converts a DLL into EXE☆816Jul 23, 2023Updated 2 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆582Mar 8, 2024Updated 2 years ago
- Parsers for custom malware formats ("Funky malware formats")☆98Jan 8, 2022Updated 4 years ago
- Quickly debug shellcode extracted during malware analysis☆628May 23, 2023Updated 2 years ago
- AV/EDR evasion via direct system calls.☆1,996Jan 1, 2023Updated 3 years ago
- PE file viewer/editor for Windows, Linux and MacOS.☆1,198Updated this week
- Open-Source Shellcode & PE Packer☆2,074Feb 3, 2024Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆685Mar 11, 2024Updated 2 years ago
- Windows kernel and user mode emulation.☆1,887Updated this week
- Some of my publicly available Malware analysis and Reverse engineering.☆940Jun 3, 2024Updated last year
- My implementation of enSilo's Process Doppelganging (PE injection technique)☆640Aug 30, 2022Updated 3 years ago
- AV/EDR evasion via direct system calls.☆1,795Sep 3, 2022Updated 3 years ago
- Program for determining types of files for Windows, Linux and MacOS.☆10,394Updated this week
- Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide☆4,028Jun 4, 2024Updated last year
- DIE engine☆2,989Updated this week
- The FLARE team's open-source tool to identify capabilities in executable files.☆5,877Updated this week
- IFL - Interactive Functions List (plugin for IDA Pro)☆488Feb 27, 2026Updated 2 weeks ago
- xAnalyzer plugin for x64dbg☆1,191Aug 13, 2025Updated 7 months ago
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,915Updated this week
- Tool to bypass LSA Protection (aka Protected Process Light)☆989Dec 4, 2022Updated 3 years ago
- Inject .NET assemblies into an existing process☆507Jan 19, 2022Updated 4 years ago
- A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering env…☆8,423Dec 23, 2025Updated 2 months ago
- Windows Object Explorer 64-bit☆1,891Updated this week
- Linker/Compiler/Tool detector for Windows, Linux and MacOS.☆569Updated this week
- Defeating Windows User Account Control☆7,428Feb 17, 2026Updated 3 weeks ago
- PDBRipper is a utility for extract an information from PDB-files.☆881Updated this week
- ☆2,168Feb 21, 2023Updated 3 years ago
- Simple (relatively) things allowing you to dig a bit deeper than usual.☆3,484Feb 16, 2026Updated 3 weeks ago
- MalUnpack companion driver☆98Jun 17, 2024Updated last year