rabbitstack/fibratus

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rabbitstack/fibratus)

rabbitstack / fibratus

Adversary tradecraft detection, protection, and hunting

☆2,434

Alternatives and similar repositories for fibratus

Users that are interested in fibratus are comparing it to the libraries listed below

Sorting:

hasherezade / pe-sieve
View on GitHub
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
☆3,576Oct 31, 2025Updated 4 months ago
googleprojectzero / sandbox-attacksurface-analysis-tools
View on GitHub
Set of tools to analyze Windows sandboxes for exposed attack surface.
☆2,276Nov 6, 2025Updated 4 months ago
mandiant / capa
View on GitHub
The FLARE team's open-source tool to identify capabilities in executable files.
☆5,890Updated this week
mandiant / flare-floss
View on GitHub
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
☆3,923Updated this week
mandiant / speakeasy
View on GitHub
Windows kernel and user mode emulation.
☆1,896Mar 12, 2026Updated last week
hasherezade / hollows_hunter
View on GitHub
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
☆2,319Oct 31, 2025Updated 4 months ago
jthuraisamy / TelemetrySourcerer
View on GitHub
Enumerate and disable common sources of telemetry used by AV/EDR.
☆843Mar 11, 2021Updated 5 years ago
ayoubfaouzi / al-khaser
View on GitHub
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
☆6,885Mar 1, 2026Updated 2 weeks ago
jthuraisamy / SysWhispers
View on GitHub
AV/EDR evasion via direct system calls.
☆1,999Jan 1, 2023Updated 3 years ago
gaasedelen / lighthouse
View on GitHub
A Coverage Explorer for Reverse Engineers
☆2,513Feb 14, 2026Updated last month
optiv / ScareCrow
View on GitHub
ScareCrow - Payload creation framework designed around EDR bypass.
☆2,878Aug 18, 2023Updated 2 years ago
swwwolf / wdbgark
View on GitHub
WinDBG Anti-RootKit Extension
☆646Jul 29, 2020Updated 5 years ago
0xrawsec / whids
View on GitHub
Open Source EDR for Windows
☆1,297Feb 25, 2023Updated 3 years ago
monoxgas / sRDI
View on GitHub
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
☆2,511Nov 15, 2023Updated 2 years ago
hacksysteam / HackSysExtremeVulnerableDriver
View on GitHub
HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
☆2,965Feb 24, 2025Updated last year
nshalabi / SysmonTools
View on GitHub
Utilities for Sysmon
☆1,576Sep 21, 2025Updated 5 months ago
FSecureLABS / win_driver_plugin
View on GitHub
A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
☆437Aug 22, 2018Updated 7 years ago
ShaneK2 / inVtero.net
View on GitHub
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extr…
☆295Sep 30, 2023Updated 2 years ago
wavestone-cdt / EDRSandblast
View on GitHub
☆1,793Aug 30, 2024Updated last year
everdox / InfinityHook
View on GitHub
Hook system calls, context switches, page faults and more.
☆2,639May 9, 2023Updated 2 years ago
Mr-Un1k0d3r / EDRs
View on GitHub
☆2,173Feb 21, 2023Updated 3 years ago
tklengyel / drakvuf
View on GitHub
DRAKVUF Black-box Binary Analysis
☆1,211Mar 5, 2026Updated 2 weeks ago
HyperDbg / HyperDbg
View on GitHub
State-of-the-art native debugging tools
☆3,674Feb 24, 2026Updated 3 weeks ago
ComodoSecurity / openedr
View on GitHub
Open EDR public repository
☆2,617Jan 13, 2024Updated 2 years ago
hfiref0x / WinObjEx64
View on GitHub
Windows Object Explorer 64-bit
☆1,893Mar 9, 2026Updated last week
JusticeRage / Manalyze
View on GitHub
A static analyzer for PE executables.
☆1,112Mar 11, 2026Updated last week
Cisco-Talos / pyrebox
View on GitHub
Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU
☆1,682Feb 14, 2024Updated 2 years ago
hasherezade / tiny_tracer
View on GitHub
A Pin Tool for tracing API calls etc
☆1,634Feb 8, 2026Updated last month
airbus-cert / Winshark
View on GitHub
A wireshark plugin to instrument ETW
☆580Jan 28, 2022Updated 4 years ago
JLospinoso / gargoyle
View on GitHub
A memory scanning evasion technique
☆901May 24, 2017Updated 8 years ago
hlldz / Phant0m
View on GitHub
Windows Event Log Killer
☆1,813Sep 21, 2023Updated 2 years ago
hzqst / Syscall-Monitor
View on GitHub
Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+
☆748Jun 26, 2017Updated 8 years ago
mgeeky / ThreadStackSpoofer
View on GitHub
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
☆1,203Jun 17, 2022Updated 3 years ago
MagnetForensics / SwishDbgExt
View on GitHub
Incident Response & Digital Forensics Debugging Extension
☆393Dec 11, 2018Updated 7 years ago
hfiref0x / UACME
View on GitHub
Defeating Windows User Account Control
☆7,428Feb 17, 2026Updated last month
microsoft / krabsetw
View on GitHub
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
☆754Mar 9, 2026Updated last week
jxy-s / herpaderping
View on GitHub
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…
☆1,188Jul 5, 2023Updated 2 years ago
joxeankoret / diaphora
View on GitHub
Diaphora, the most advanced Free and Open Source program diffing tool.
☆4,208Nov 24, 2024Updated last year
phra / PEzor
View on GitHub
Open-Source Shellcode & PE Packer
☆2,074Feb 3, 2024Updated 2 years ago