Alternatives and similar repositories for Shady-Hook

Users that are interested in Shady-Hook are comparing it to the libraries listed below

• poona / APIMiner
  API Logger for Windows Executables
  ☆80Updated 5 years ago
• Dump-GUY / ghidra_scripts
  ☆73Updated 2 years ago
• hasherezade / funky_malware_formats
  Parsers for custom malware formats ("Funky malware formats")
  ☆98Updated 4 years ago
• ExpLife0011 / anti-anti-vm-detection-dll-1
  ☆29Updated 7 years ago
• hfiref0x / MpEnum
  Enumerate Windows Defender threat families and dump their names according category
  ☆93Updated 6 years ago
• alexander-hanel / gopep
  Go Lang Portable Executable Parser
  ☆39Updated 4 years ago
• hasherezade / tag_converter
  ☆23Updated 4 years ago
• t3rabyt3-zz / Gozi
  Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.
  ☆72Updated 7 years ago
• hasherezade / antianalysis_demos
  Set of antianalysis techniques found in malware
  ☆133Updated 2 years ago
• reb311ion / CapaExplorer
  Capa analysis importer for Ghidra.
  ☆64Updated 5 years ago
• idan1288 / ProcessHollowing32-64
  Process Hollowing for 32 bit and 64 bit
  ☆79Updated 8 years ago
• intezer / analyze-community-ghidra-plugin
  Ghidra plugin for https://analyze.intezer.com
  ☆72Updated 3 years ago
• lfontesm / PEB-Walk
  ☆12Updated 4 years ago
• DownWithUp / CallMon
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆145Updated 5 years ago
• RichHeaderResearch / RichPE
  Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks
  ☆70Updated 4 years ago
• OsandaMalith / ApiMon
  A simple API monitor for Windbg
  ☆65Updated 8 years ago
• bootkitsbook / rootkits
  ☆109Updated 6 years ago
• ohjeongwook / ShellCodeEmulator
  Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment
  ☆124Updated 5 years ago
• hasherezade / mal_unpack_drv
  MalUnpack companion driver
  ☆99Updated last year
• jthuraisamy / DIRT
  Driver Initial Reconnaissance Tool
  ☆126Updated 6 years ago
• ayoubfaouzi / binary-auditing-solutions
  Learn the fundamentals of Binary Auditing. Know how HLL mapping works, get more inner file understanding than ever.
  ☆81Updated 5 years ago
• CheckPointSW / showstopper
  ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…
  ☆220Updated 3 years ago
• PELock / Simple-Polymorphic-Engine-SPE32
  Simple Polymorphic Engine (SPE32) is a simple polymorphic engine for encrypting code and data. It is an amateur project that can be used …
  ☆154Updated 2 years ago
• mrexodia / YaraGen
  Plugin for x64dbg to generate Yara rules from function basic blocks.
  ☆37Updated 8 years ago
• tandasat / RemoteWriteMonitor
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆78Updated 10 years ago
• dalvarezperez / CreateFile_based_rootkit
  ☆138Updated 2 months ago
• hasherezade / pe_utils
  A set of small utilities, helpers for PIN tracers
  ☆35Updated 3 months ago
• malware-kitten / shellcode_hashes
  A collection of shellcode hashes
  ☆17Updated 7 years ago
• mauronz / binja-emotet
  ☆19Updated 5 years ago
• hasherezade / process_chameleon
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆99Updated 4 years ago