hfiref0x / MpEnum
Enumerate Windows Defender threat families and dump their names according category
☆90Updated 5 years ago
Alternatives and similar repositories for MpEnum:
Users that are interested in MpEnum are comparing it to the libraries listed below
- Windows Drivers☆97Updated 5 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆120Updated 4 years ago
- Parsers for custom malware formats ("Funky malware formats")☆95Updated 3 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆75Updated 10 years ago
- FLARE Kernel Shellcode Loader☆176Updated 5 years ago
- a program to detect reflective dll injection on a live machine☆75Updated 9 years ago
- Process Doppelgänging☆156Updated 7 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- CAPE monitor DLLs☆39Updated 5 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆77Updated 9 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆94Updated 3 years ago
- ☆113Updated 8 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆109Updated 4 years ago
- Telsy CTI Research Team☆57Updated 4 years ago
- zer0m0n driver for cuckoo sandbox☆87Updated 8 years ago
- Modified edition of cuckoomon☆49Updated 6 years ago
- ☆69Updated last year
- Various Yara signatures (possibly to be included in a release later).☆86Updated 5 years ago
- Simple 32/64-bit PEs loader.☆137Updated 6 years ago
- Tool to view and create Microsoft shim database files (SDB).☆113Updated 7 years ago
- Driver Initial Reconnaissance Tool☆122Updated 5 years ago
- PoC designed to evade userland-hooking anti-virus.☆88Updated 5 years ago
- Official VirusTotal plugin for IDA Pro☆157Updated last year
- Documentation and supporting script sample for Windows Exploit Guard☆156Updated 3 years ago
- DLL Injection Library & Tools☆72Updated 8 years ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks☆64Updated 3 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆40Updated 5 years ago
- A simple API monitor for Windbg☆63Updated 7 years ago
- ConventionEngine - A Yara Rulepack for PDB Path Hunting☆38Updated 2 years ago