A C# based tool for analysing malicious OneNote documents
☆117Apr 4, 2023Updated 2 years ago
Alternatives and similar repositories for OneNoteAnalyzer
Users that are interested in OneNoteAnalyzer are comparing it to the libraries listed below
Sorting:
- Simple EDR that injects a DLL into a process to place a hook on specific Windows API☆97Aug 27, 2023Updated 2 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis☆12Oct 1, 2022Updated 3 years ago
- Creation and removal of Defender path exclusions and exceptions in C#.☆32Nov 1, 2023Updated 2 years ago
- See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)☆108Feb 12, 2023Updated 3 years ago
- Python module for running BOFs☆79Nov 28, 2025Updated 3 months ago
- NTFS Security Descriptor Stream ($Secure:$SDS) parser☆14Jan 9, 2023Updated 3 years ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Oct 10, 2022Updated 3 years ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆49Mar 10, 2025Updated 11 months ago
- Fully modular persistence framework☆259Apr 10, 2023Updated 2 years ago
- DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking)☆66Nov 13, 2022Updated 3 years ago
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes.☆66Oct 17, 2023Updated 2 years ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 2 years ago
- Small utility to chunk up a large BloodHound JSON file into smaller files for importing.☆97Apr 13, 2023Updated 2 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- A Bumblebee-inspired Crypter☆79Dec 5, 2022Updated 3 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- A GUI and CLI tool for removing bloat from executables☆442Jul 5, 2025Updated 7 months ago
- ☆137Jun 21, 2023Updated 2 years ago
- A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck☆131Nov 25, 2023Updated 2 years ago
- ☆27Feb 6, 2022Updated 4 years ago
- ☆23Jul 7, 2023Updated 2 years ago
- PS-TrustedDocuments: PowerShell script to handle information on trusted documents for Microsoft Office☆37Mar 15, 2023Updated 2 years ago
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year
- Python based tool for generating Shellcode from PIC C☆43Nov 6, 2025Updated 3 months ago
- A list of RMMs designed to be used in automation to build alerts☆117Nov 9, 2025Updated 3 months ago
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups☆60Oct 28, 2022Updated 3 years ago
- Configuration Extractors for Malware☆124Apr 23, 2025Updated 10 months ago
- JPCERT/CC public YARA rules repository☆109Nov 14, 2025Updated 3 months ago
- Simple BOF to read the protection level of a process☆118May 10, 2023Updated 2 years ago
- A payload delivery system which embeds payloads in an executable's icon file!☆73Jan 26, 2024Updated 2 years ago
- ☆181Apr 24, 2025Updated 10 months ago
- .NET deobfuscator and unpacker (with a control flow unflattener for DoubleZero added).☆29Jun 14, 2022Updated 3 years ago
- create a "simulated internet" cyber range environment☆19Jan 28, 2026Updated last month
- aggregated repo for all conferences and talks I am giving☆17Oct 30, 2021Updated 4 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.☆324May 1, 2025Updated 9 months ago