manyfacedllama / amsi-tracerView external linksLinks
Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
☆111Apr 20, 2021Updated 4 years ago
Alternatives and similar repositories for amsi-tracer
Users that are interested in amsi-tracer are comparing it to the libraries listed below
Sorting:
- DLL hijacking vulnerability scanner and PE infector tool☆20Sep 8, 2017Updated 8 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆61Nov 21, 2024Updated last year
- A tool to help malware analysts signature unique parts of RTF documents☆29Jan 5, 2026Updated last month
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- ☆27Aug 25, 2020Updated 5 years ago
- A PowerShell script to prevent Sysmon from writing its events☆16Apr 23, 2020Updated 5 years ago
- Managed assembly shellcode generation☆280Mar 19, 2021Updated 4 years ago
- Send and receive messages over Named Pipes asynchronously.☆39Sep 17, 2021Updated 4 years ago
- ☆51Apr 13, 2020Updated 5 years ago
- Shellcode Loader Utilizing ETW Events☆67Feb 26, 2025Updated 11 months ago
- Firebase Domain Front Code☆21May 4, 2021Updated 4 years ago
- ☆185Jan 5, 2021Updated 5 years ago
- wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")☆373Feb 27, 2023Updated 2 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Walking the PEB in VBA☆24Apr 6, 2020Updated 5 years ago
- Automatically create YARA rules from malicious documents.☆212May 16, 2022Updated 3 years ago
- A tool to create COM class/interface relationships in neo4j☆50Oct 12, 2022Updated 3 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆298Apr 10, 2021Updated 4 years ago
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 2 years ago
- POC code to crash Windows Event Logger Service☆27Oct 16, 2020Updated 5 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago
- dankAlerts is powered by Sysmon and Memes. Would you notice if a suspicious process was recorded in the event log?☆18Jun 24, 2020Updated 5 years ago
- A collection of my presentation materials.☆17Apr 29, 2024Updated last year
- A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface☆17Jan 10, 2020Updated 6 years ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 2 years ago
- Yet another rule generator for Yara☆29Jun 6, 2025Updated 8 months ago
- OPSEC safe Kerberoasting in C#☆198Jun 14, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆329May 2, 2024Updated last year
- Visual Studio (C++) Solution Template for Payloads☆18Oct 30, 2019Updated 6 years ago
- ☆37Dec 27, 2021Updated 4 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- Petaq - Purple Team Command & Control Server☆104Dec 8, 2022Updated 3 years ago
- Execute PowerShell code at the antimalware-light protection level.☆142Dec 13, 2022Updated 3 years ago
- TA505 unpacker Python 2.7☆46Jun 22, 2020Updated 5 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆112Feb 8, 2025Updated last year
- Expriments☆478Oct 3, 2024Updated last year
- C# port of WMImplant which uses either CIM or WMI to query remote systems☆202Jul 14, 2021Updated 4 years ago
- Various scripts for different malware families☆106Apr 12, 2021Updated 4 years ago