ph0sec / CaptureBAT-client
Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family.
☆32 · Updated 11 years ago
Alternatives and similar repositories for CaptureBAT-client:
Users that are interested in CaptureBAT-client are comparing it to the libraries listed below
- a program to detect reflective dll injection on a live machine (☆75 · Updated 9 years ago)
- CAPE monitor DLLs (☆39 · Updated 5 years ago)
- Evil Reflective DLL Injection Finder (☆47 · Updated 6 years ago)
- Blog posts (☆30 · Updated 4 years ago)
- CmdDesktopSwitch is a small utility that lists all windows desktops and provides the option to switch between them. This can be used to i… (☆34 · Updated 8 years ago)
- (no description) (☆22 · Updated 4 years ago)
- Transfer EIP control to shellcode during malware analysis investigation (☆75 · Updated 10 years ago)
- Telsy CTI Research Team (☆57 · Updated 4 years ago)
- DLL Injection Library & Tools (☆72 · Updated 8 years ago)
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication (☆129 · Updated 8 years ago)
- A summary about different projects/presentations/tools to test how to evade malware sandbox systems (☆50 · Updated 6 years ago)
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … (☆31 · Updated 4 years ago)
- A C++ POC for process injection using NtCreateSection, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes… (☆43 · Updated 3 years ago)
- (no description) (☆49 · Updated 4 years ago)
- Rekall Memory Forensic Framework (☆32 · Updated 5 years ago)
- Plugin for x64dbg to generate Yara rules from function basic blocks. (☆35 · Updated 7 years ago)
- Modified edition of cuckoomon (☆49 · Updated 6 years ago)
- Trace ScriptBlock execution for powershell v2 (☆40 · Updated 5 years ago)
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection (☆31 · Updated 4 years ago)
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment (☆120 · Updated 4 years ago)
- Handy scripts to speed up malware analysis (☆35 · Updated last year)
- Userland API monitor for threat hunting (☆58 · Updated 5 years ago)
- Windows Inline function hooking library targeted at MSVC (☆27 · Updated 8 years ago)
- Community-based integrated malware identification system (☆82 · Updated 2 years ago)
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis (☆45 · Updated 7 years ago)
- (no description) (☆26 · Updated last year)
- Dumps information about all the callback objects found in a dump file and the functions registered for them (☆35 · Updated 4 years ago)
- POSHSPY backdoor code (☆43 · Updated 7 years ago)
- (no description) (☆45 · Updated 6 years ago)
- Shim database persistence (Fin7 TTP) (☆37 · Updated 5 years ago)