kaganisildak / malwarescarecrowView external linksLinks
A tool designed to make physical devices detectable by malware and make system look like virtual machine.
☆397Sep 13, 2020Updated 5 years ago
Alternatives and similar repositories for malwarescarecrow
Users that are interested in malwarescarecrow are comparing it to the libraries listed below
Sorting:
- Sentello is python script that simulates the anti-evasion and anti-analysis techniques used by malware.☆75Mar 7, 2021Updated 4 years ago
- Converts C programs that only use syscalls to 64 bit assembly file.☆12Mar 7, 2021Updated 4 years ago
- Userland API Unhooker Project☆111Jun 14, 2021Updated 4 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆520Jul 15, 2022Updated 3 years ago
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.☆753Nov 16, 2021Updated 4 years ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆587May 5, 2024Updated last year
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆334Oct 9, 2021Updated 4 years ago
- This repo contain Android malware samples and analysis☆13Apr 3, 2021Updated 4 years ago
- ☆19Mar 31, 2022Updated 3 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.☆297Aug 18, 2023Updated 2 years ago
- BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.☆259Mar 6, 2025Updated 11 months ago
- A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. T…☆952Aug 11, 2021Updated 4 years ago
- A tool to kill antimalware protected processes☆1,509Jun 19, 2021Updated 4 years ago
- This repository contains indicators of compromise (IOCs) of our various investigations.☆310Nov 4, 2025Updated 3 months ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆321Sep 23, 2022Updated 3 years ago
- Excel Macro Document Reader/Writer for Red Teamers & Analysts☆524Feb 1, 2022Updated 4 years ago
- A list of all the DLLs export in C:\windows\system32\☆221Dec 22, 2021Updated 4 years ago
- Hide your payload in DNS☆617May 3, 2023Updated 2 years ago
- Stop Windows Defender using the Win32 API☆193Feb 2, 2022Updated 4 years ago
- A Canary which fires when uninstalled☆34Mar 16, 2021Updated 4 years ago
- Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups☆724Dec 26, 2022Updated 3 years ago
- A fake AMSI Provider which can be used for persistence.☆155May 16, 2021Updated 4 years ago
- A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis☆13Mar 22, 2022Updated 3 years ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,867Aug 18, 2023Updated 2 years ago
- Materials for Windows Malware Analysis training (volume 1)☆2,024Jul 1, 2024Updated last year
- Repository for different Windows DFIR related CMDs, PowerShell CMDlets, etc, plus workshops that I did for different conferences or event…☆77Jul 13, 2021Updated 4 years ago
- A PowerShell armoury for security guys and girls☆467Jan 23, 2024Updated 2 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆502Jan 25, 2022Updated 4 years ago
- High Octane Triage Analysis☆813Updated this week
- Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.☆281Oct 29, 2024Updated last year
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆581Mar 8, 2024Updated last year
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 5 months ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆219Jul 14, 2021Updated 4 years ago
- ☆2,169Feb 21, 2023Updated 2 years ago
- DRAKVUF Sandbox - automated hypervisor-level malware analysis system☆1,263Feb 10, 2026Updated last week
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆19Jun 24, 2021Updated 4 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch.☆86Jun 23, 2025Updated 7 months ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 2 years ago
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh…☆3,535Jan 20, 2026Updated 3 weeks ago