Alternatives and similar repositories for YaraEngine:

Users that are interested in YaraEngine are comparing it to the libraries listed below

• matterpreter / cpuid
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆26Updated last year
• naksyn / talks
  Repo containing my public talks
  ☆23Updated last year
• Dump-GUY / Get-PDInvokeImports
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆54Updated 3 years ago
• Dump-GUY / Invoke-DetectItEasy
  Invoke-DetectItEasy is a wrapper for excelent tool called Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics.
  ☆25Updated 3 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated last year
• ihack4falafel / ROR13HashGenerator
  C# implementation to produce ROR-13 numeric hash for given function API name
  ☆31Updated 5 years ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆48Updated 11 months ago
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 9 months ago
• rbmm / Hollowed-Process
  ☆26Updated 2 months ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆63Updated 2 years ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆74Updated last week
• FuzzySecurity / AdvSim.Compression
  Simple and sane compression wrapper library.
  ☆18Updated 2 years ago
• dis0rder0x00 / CanYouCTheThief
  A C implementation of the Sektor7 "A Thief" Windows privesc technique.
  ☆62Updated 3 years ago
• fr0gger / MalwareMuncher
  Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin…
  ☆44Updated 2 years ago
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆40Updated last year
• APT64 / KernelAVKiller
  Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running.
  ☆6Updated 2 years ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆76Updated last year
• Offensive-Panda / PEB_WALK_AND_API_OBFUSCATION_INJECTION
  This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.
  ☆17Updated 9 months ago
• hasherezade / pesieve-go
  Golang bindings for PE-sieve
  ☆43Updated last year
• 7eRoM / elam
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆32Updated 3 years ago
• hasherezade / mal_unpack_py
  Python wrappers for mal_unpack
  ☆36Updated last year
• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆48Updated 3 years ago
• ethereal-vx / Persistence
  Recreating and reviewing the Windows persistence methods
  ☆38Updated 3 years ago
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆28Updated 3 years ago
• listinvest / undonut
  Unpacker for donut shellcode
  ☆17Updated 4 years ago
• MITRECND / picaboo
  Specialized tool to dump Position Independent Code.
  ☆22Updated 4 years ago
• accidentalrebel / shcode2exe
  Compile shellcode into an exe file from Windows or Linux.
  ☆67Updated 4 years ago
• rbmm / SDD
  Self Delete DLL
  ☆23Updated last year
• ytincodenito / vEDR
  Vulnerable EDR
  ☆16Updated 5 months ago
• cod3nym / detection-rules
  Collection of my own detection rules
  ☆20Updated last year