Alternatives and similar repositories for windows-sandbox-to-elastic

Users that are interested in windows-sandbox-to-elastic are comparing it to the libraries listed below

• makitos666 / MFT_Fast_Transcoder

  View on GitHub
  MFT Fast Transcoder is a fast forensic tool to analyze MFT of NTFS partitions.
  ☆12Feb 27, 2023Updated 2 years ago
• dtmsecurity / gift

  View on GitHub
  ☆27Oct 15, 2025Updated 4 months ago
• rkbennett / icmpsh

  View on GitHub
  Simple reverse ICMP shell
  ☆14Apr 30, 2024Updated last year
• MEhrn00 / GhidraCOFFParser

  View on GitHub
  Ghidra script which fully parses COFF files
  ☆12Oct 18, 2024Updated last year
• ShutdownRepo / GeoWordlists

  View on GitHub
  GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.
  ☆11Nov 24, 2023Updated 2 years ago
• EvilBytecode / Lifetime-AmsiBypass

  View on GitHub
  Lifetime AMSI bypass.
  ☆36Apr 21, 2025Updated 9 months ago
• Hubbl3 / ThreatCheck

  View on GitHub
  Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
  ☆11May 17, 2024Updated last year
• Cracked5pider / unguard-eat

  View on GitHub
  havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets
  ☆42Aug 6, 2024Updated last year
• AlmondOffSec / LibTPLoadLib

  View on GitHub
  Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
  ☆73Nov 6, 2025Updated 3 months ago
• RiccardoAncarani / GPOPowerParser

  View on GitHub
  A script that parses PowerView's output for GPO analysis. Integrated into bloodhound to find misconfigurations of URA, SMB signing etc
  ☆15Feb 9, 2020Updated 6 years ago
• hasherezade / beardisasm

  View on GitHub
  A wrapper for capstone for bearparser
  ☆16Oct 8, 2025Updated 4 months ago
• hasherezade / pe2pic

  View on GitHub
  Small visualizator for PE files
  ☆70Sep 20, 2023Updated 2 years ago
• mucoze / Umay

  View on GitHub
  IoT Malware Similarity Analysis Platform
  ☆45Jan 30, 2022Updated 4 years ago
• bittib010 / AjourVolAutolity

  View on GitHub
  A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX.
  ☆16Aug 19, 2025Updated 5 months ago
• Teach2Breach / rust_api_demo

  View on GitHub
  various methods of making API calls
  ☆19Feb 1, 2025Updated last year
• sliverarmory / beignet

  View on GitHub
  MacOS Shared Library to Shellcode Loader
  ☆39Feb 5, 2026Updated last week
• Macmod / malkom

  View on GitHub
  Malkom is an extensible and simple similarity graph generator for malware analysis aimed at helping analysts visualize and cluster sets o…
  ☆17Apr 6, 2023Updated 2 years ago
• mrexodia / RiscyWorkshop

  View on GitHub
  Payload Obfuscation for Red Teams workshop materials
  ☆78Nov 25, 2025Updated 2 months ago
• her0ness / av-edr-urls

  View on GitHub
  AV/EDR companies netblocks
  ☆18Nov 9, 2021Updated 4 years ago
• whichbuffer / Antidebug

  View on GitHub
  Defeating Anti-Debugging Techniques for Malware Analysis
  ☆12Oct 1, 2022Updated 3 years ago
• ss23 / evilginx2

  View on GitHub
  Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …
  ☆18Apr 4, 2023Updated 2 years ago
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆60Jan 5, 2026Updated last month
• SilvestriF3 / Passworld

  View on GitHub
  Passworld is a fully customizable wordlist generator
  ☆16Sep 13, 2024Updated last year
• HuskyHacks / windows-x64-shellcode-pipeline

  View on GitHub
  A Dockerized build pipeline for custom Windows x64 shellcode
  ☆53Dec 12, 2025Updated 2 months ago
• sominsong / NIMOS

  View on GitHub
  Analysis of syscall sequence pattern from exploit codes for advanced system call sequence filtering for enhanced container security
  ☆16May 21, 2023Updated 2 years ago
• mtth-bfft / winsddl

  View on GitHub
  Windows Security Descriptor Definition Language (SDDL) parser and formatter
  ☆20Jun 8, 2020Updated 5 years ago
• brokensound77 / OptionsBleed-POC-Scanner

  View on GitHub
  OptionsBleed (CVE-2017-9798) PoC / Scanner
  ☆18May 21, 2024Updated last year
• listinvest / undonut

  View on GitHub
  Unpacker for donut shellcode
  ☆21Jun 20, 2020Updated 5 years ago
• 0xB455 / ActiveSyncBruter

  View on GitHub
  ☆26Mar 6, 2025Updated 11 months ago
• idkhidden / winapipatcher

  View on GitHub
  WinApi Patcher is a straightforward tool leveraging windows API hooking to patch and modify certain behaviors in a targeted environment.
  ☆43Sep 19, 2024Updated last year
• HuskyHacks / the-crown-defcon615

  View on GitHub
  Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk
  ☆46Jan 23, 2022Updated 4 years ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• Mr-Un1k0d3r / AMSI-ETW-Patch

  View on GitHub
  Patch AMSI and ETW
  ☆249May 8, 2024Updated last year
• weixu8 / RegistryMonitor

  View on GitHub
  Formely KMon, a Windows Kernel Driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun l…
  ☆21Feb 15, 2014Updated 12 years ago
• mobdk / WinSpoof

  View on GitHub
  Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code
  ☆24Mar 13, 2023Updated 2 years ago
• 0xjbb / vehspoof

  View on GitHub
  Callstack spoofing using a VEH because VEH all the things.
  ☆23Mar 18, 2025Updated 10 months ago
• badhive / alca

  View on GitHub
  Rule Engine for Dynamic Malware Analysis and Research
  ☆25Apr 16, 2025Updated 10 months ago
• airbus-cert / etwbreaker

  View on GitHub
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆55Jul 8, 2022Updated 3 years ago
• RanjitPatil / Malicious-Document-Analysis

  View on GitHub
  ☆25Aug 2, 2023Updated 2 years ago