mandiant/speakeasy

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mandiant/speakeasy)

mandiant / speakeasy

Windows kernel and user mode emulation.

☆1,860

Alternatives and similar repositories for speakeasy

Users that are interested in speakeasy are comparing it to the libraries listed below

Sorting:

mandiant / capa
View on GitHub
The FLARE team's open-source tool to identify capabilities in executable files.
☆5,844Updated this week
hasherezade / pe-sieve
View on GitHub
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
☆3,562Oct 31, 2025Updated 4 months ago
hasherezade / tiny_tracer
View on GitHub
A Pin Tool for tracing API calls etc
☆1,620Feb 8, 2026Updated 3 weeks ago
qilingframework / qiling
View on GitHub
A True Instrumentable Binary Emulation Framework
☆5,827Nov 5, 2025Updated 3 months ago
mrexodia / dumpulator
View on GitHub
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…
☆855Feb 2, 2024Updated 2 years ago
mandiant / flare-floss
View on GitHub
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
☆3,897Feb 23, 2026Updated last week
mandiant / flare-emu
View on GitHub
☆928Aug 14, 2025Updated 6 months ago
OALabs / BlobRunner
View on GitHub
Quickly debug shellcode extracted during malware analysis
☆626May 23, 2023Updated 2 years ago
hasherezade / hollows_hunter
View on GitHub
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
☆2,313Oct 31, 2025Updated 4 months ago
HyperDbg / HyperDbg
View on GitHub
State-of-the-art native debugging tools
☆3,654Updated this week
ayoubfaouzi / al-khaser
View on GitHub
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
☆6,861Feb 1, 2026Updated last month
iPower / KasperskyHook
View on GitHub
Hook system calls on Windows by using Kaspersky's hypervisor
☆1,278Feb 14, 2026Updated 2 weeks ago
CERT-Polska / drakvuf-sandbox
View on GitHub
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
☆1,269Updated this week
hzqst / unicorn_pe
View on GitHub
Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.
☆915Dec 29, 2025Updated 2 months ago
unipacker / unipacker
View on GitHub
Automatic and platform-independent unpacker for Windows binaries based on emulation
☆741Aug 18, 2025Updated 6 months ago
jthuraisamy / SysWhispers
View on GitHub
AV/EDR evasion via direct system calls.
☆1,990Jan 1, 2023Updated 3 years ago
thalium / icebox
View on GitHub
Virtual Machine Introspection, Tracing & Debugging
☆596Feb 22, 2022Updated 4 years ago
can1357 / NoVmp
View on GitHub
A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
☆2,083Aug 8, 2021Updated 4 years ago
everdox / InfinityHook
View on GitHub
Hook system calls, context switches, page faults and more.
☆2,637May 9, 2023Updated 2 years ago
hasherezade / pe_to_shellcode
View on GitHub
Converts PE into a shellcode
☆2,745Aug 30, 2025Updated 6 months ago
hasherezade / libpeconv
View on GitHub
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
☆1,331Oct 31, 2025Updated 4 months ago
DissectMalware / XLMMacroDeobfuscator
View on GitHub
Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
☆585May 5, 2024Updated last year
JonathanSalwan / Triton
View on GitHub
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software v…
☆4,070Dec 2, 2025Updated 3 months ago
wbenny / injdrv
View on GitHub
proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
☆1,270May 1, 2024Updated last year
jthuraisamy / TelemetrySourcerer
View on GitHub
Enumerate and disable common sources of telemetry used by AV/EDR.
☆819Mar 11, 2021Updated 4 years ago
Mr-Un1k0d3r / EDRs
View on GitHub
☆2,168Feb 21, 2023Updated 3 years ago
monoxgas / sRDI
View on GitHub
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
☆2,503Nov 15, 2023Updated 2 years ago
hasherezade / mal_unpack
View on GitHub
Dynamic unpacker based on PE-sieve
☆796Sep 13, 2025Updated 5 months ago
tklengyel / drakvuf
View on GitHub
DRAKVUF Black-box Binary Analysis
☆1,209Updated this week
0xnobody / vmpdump
View on GitHub
A dynamic VMP dumper and import fixer, powered by VTIL.
☆1,327Nov 4, 2020Updated 5 years ago
cea-sec / miasm
View on GitHub
Reverse engineering framework in Python
☆3,828Jan 26, 2025Updated last year
mandiant / flare-ida
View on GitHub
IDA Pro utilities from FLARE team
☆2,435Oct 29, 2024Updated last year
phra / PEzor
View on GitHub
Open-Source Shellcode & PE Packer
☆2,069Feb 3, 2024Updated 2 years ago
forrest-orr / moneta
View on GitHub
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
☆807Mar 16, 2024Updated last year
gaasedelen / lighthouse
View on GitHub
A Coverage Explorer for Reverse Engineers
☆2,505Feb 14, 2026Updated 2 weeks ago
TheWover / donut
View on GitHub
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
☆4,470Jul 8, 2025Updated 7 months ago
carbonblack / binee
View on GitHub
Binee: binary emulation environment
☆530Feb 25, 2023Updated 3 years ago
gaasedelen / tenet
View on GitHub
A Trace Explorer for Reverse Engineers
☆1,522Oct 23, 2023Updated 2 years ago
jxy-s / herpaderping
View on GitHub
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…
☆1,183Jul 5, 2023Updated 2 years ago