Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
☆113Apr 20, 2021Updated 5 years ago
Alternatives and similar repositories for amsi-tracer
Users that are interested in amsi-tracer are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Data and structures regarding the research done on WdFilter☆12Apr 15, 2020Updated 6 years ago
- Shellcode Loader Utilizing ETW Events☆66Feb 26, 2025Updated last year
- DLL hijacking vulnerability scanner and PE infector tool☆20Sep 8, 2017Updated 8 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆59Nov 21, 2024Updated last year
- A tool to help malware analysts signature unique parts of RTF documents☆28Jan 5, 2026Updated 3 months ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 3 years ago
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆332May 2, 2024Updated last year
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆174May 5, 2021Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 6 years ago
- Managed assembly shellcode generation☆282Mar 19, 2021Updated 5 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆299Apr 10, 2021Updated 5 years ago
- wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")☆372Feb 27, 2023Updated 3 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆447Oct 26, 2022Updated 3 years ago
- ☆158Jul 31, 2022Updated 3 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- ☆27Aug 25, 2020Updated 5 years ago
- Firebase Domain Front Code☆21May 4, 2021Updated 4 years ago
- A PowerShell script to prevent Sysmon from writing its events☆17Apr 23, 2020Updated 6 years ago
- Send and receive messages over Named Pipes asynchronously.☆39Sep 17, 2021Updated 4 years ago
- OPSEC safe Kerberoasting in C#☆198Jun 14, 2022Updated 3 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆313Dec 9, 2023Updated 2 years ago
- Automatically create YARA rules from malicious documents.☆211May 16, 2022Updated 3 years ago
- Data from analysis of the custom sample from the chapter "Practical Analysis and Test"☆12Aug 1, 2020Updated 5 years ago
- ☆51Apr 13, 2020Updated 6 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆112Feb 8, 2025Updated last year
- A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies☆325Apr 8, 2023Updated 3 years ago
- ☆55Mar 26, 2025Updated last year
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆22Feb 15, 2022Updated 4 years ago
- ☆18May 3, 2021Updated 4 years ago
- ☆186Jan 5, 2021Updated 5 years ago
- C Header Only Library for Virii☆11Nov 17, 2020Updated 5 years ago
- A tool to create COM class/interface relationships in neo4j☆50Oct 12, 2022Updated 3 years ago
- Expriments☆482Oct 3, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.☆155Dec 22, 2020Updated 5 years ago
- Various scripts for different malware families☆106Apr 12, 2021Updated 5 years ago
- YARA rule metadata specification and validation utility / Spécification et validation pour les règles YARA☆119Mar 2, 2026Updated last month
- YARA Rule Strings Statistics Calculator and Malware Research Helper☆14Jul 24, 2021Updated 4 years ago
- Yara rules☆21Mar 27, 2023Updated 3 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆84May 23, 2022Updated 3 years ago
- PoCs and tools for investigation of Windows process execution techniques☆957Feb 2, 2026Updated 2 months ago