Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
☆113Apr 20, 2021Updated 4 years ago
Alternatives and similar repositories for amsi-tracer
Users that are interested in amsi-tracer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Data and structures regarding the research done on WdFilter☆12Apr 15, 2020Updated 5 years ago
- Shellcode Loader Utilizing ETW Events☆66Feb 26, 2025Updated last year
- DLL hijacking vulnerability scanner and PE infector tool☆20Sep 8, 2017Updated 8 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆59Nov 21, 2024Updated last year
- A tool to help malware analysts signature unique parts of RTF documents☆28Jan 5, 2026Updated 3 months ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆332May 2, 2024Updated last year
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 6 years ago
- Managed assembly shellcode generation☆281Mar 19, 2021Updated 5 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆300Apr 10, 2021Updated 4 years ago
- wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")☆373Feb 27, 2023Updated 3 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆446Oct 26, 2022Updated 3 years ago
- ☆157Jul 31, 2022Updated 3 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- ☆27Aug 25, 2020Updated 5 years ago
- Firebase Domain Front Code☆21May 4, 2021Updated 4 years ago
- A PowerShell script to prevent Sysmon from writing its events☆17Apr 23, 2020Updated 5 years ago
- Send and receive messages over Named Pipes asynchronously.☆39Sep 17, 2021Updated 4 years ago
- OPSEC safe Kerberoasting in C#☆198Jun 14, 2022Updated 3 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆310Dec 9, 2023Updated 2 years ago
- Automatically create YARA rules from malicious documents.☆211May 16, 2022Updated 3 years ago
- Data from analysis of the custom sample from the chapter "Practical Analysis and Test"☆12Aug 1, 2020Updated 5 years ago
- ☆51Apr 13, 2020Updated 5 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆112Feb 8, 2025Updated last year
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 3 years ago
- ☆54Mar 26, 2025Updated last year
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆22Feb 15, 2022Updated 4 years ago
- ☆18May 3, 2021Updated 4 years ago
- ☆185Jan 5, 2021Updated 5 years ago
- C Header Only Library for Virii☆11Nov 17, 2020Updated 5 years ago
- A tool to create COM class/interface relationships in neo4j☆50Oct 12, 2022Updated 3 years ago
- Expriments☆480Oct 3, 2024Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Various scripts for different malware families☆106Apr 12, 2021Updated 4 years ago
- Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.☆155Dec 22, 2020Updated 5 years ago
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆118Mar 2, 2026Updated last month
- YARA Rule Strings Statistics Calculator and Malware Research Helper☆14Jul 24, 2021Updated 4 years ago
- Yara rules☆22Mar 27, 2023Updated 3 years ago
- PoCs and tools for investigation of Windows process execution techniques☆955Feb 2, 2026Updated 2 months ago
- Beacon Object File allowing creation of Beacons in different sessions.☆83May 23, 2022Updated 3 years ago