mez-0 / YaraEngineLinks
A C++ Yara Rule Runner
☆12Updated 3 years ago
Alternatives and similar repositories for YaraEngine
Users that are interested in YaraEngine are comparing it to the libraries listed below
Sorting:
- ☆74Updated last year
- C# implementation to produce ROR-13 numeric hash for given function API name☆33Updated 6 years ago
- Compile shellcode into an exe file from Windows or Linux.☆69Updated 3 months ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆117Updated 2 years ago
- Small visualizator for PE files☆70Updated 2 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Updated 3 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆83Updated 2 years ago
- A Bumblebee-inspired Crypter☆79Updated 2 years ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules☆124Updated this week
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- Windows process injection methods☆18Updated 6 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated 2 years ago
- Standalone Metasploit-like XOR encoder for shellcode☆50Updated last year
- ☆118Updated 2 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆64Updated 2 years ago
- ☆28Updated 3 years ago
- the Open Source and Pure C++ Packer for eXecutables☆21Updated 2 years ago
- A collection of shellcode hashes☆17Updated 7 years ago
- Golang bindings for PE-sieve☆42Updated last year
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 3 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆74Updated 4 years ago
- VBScript & VBA source-to-source deobfuscator with partial-evaluation☆80Updated last year
- A Poc on blocking Procmon from monitoring network events☆107Updated last month
- The Console Monitor Driver is a KMDF kernel-mode filter driver that captures certain Fast I/O operations (input and output) that is sent …☆40Updated 3 years ago
- Piece of code to detect and remove hooks in IAT☆64Updated 3 years ago
- Windows API Hashes used in the malwares☆42Updated 10 years ago
- Process Hollowing POC in CPP☆18Updated 4 years ago
- ☆16Updated 4 years ago