Adversary tradecraft detection, protection, and hunting
☆2,431Updated this week
Alternatives and similar repositories for fibratus
Users that are interested in fibratus are comparing it to the libraries listed below
Sorting:
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,562Oct 31, 2025Updated 3 months ago
- Set of tools to analyze Windows sandboxes for exposed attack surface.☆2,267Nov 6, 2025Updated 3 months ago
- The FLARE team's open-source tool to identify capabilities in executable files.☆5,844Updated this week
- Enumerate and disable common sources of telemetry used by AV/EDR.☆819Mar 11, 2021Updated 4 years ago
- Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.☆6,861Feb 1, 2026Updated 3 weeks ago
- Windows kernel and user mode emulation.☆1,852Feb 19, 2026Updated last week
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,897Updated this week
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,313Oct 31, 2025Updated 3 months ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,873Aug 18, 2023Updated 2 years ago
- AV/EDR evasion via direct system calls.☆1,990Jan 1, 2023Updated 3 years ago
- Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode☆2,503Nov 15, 2023Updated 2 years ago
- A Coverage Explorer for Reverse Engineers☆2,500Feb 14, 2026Updated 2 weeks ago
- Open Source EDR for Windows☆1,296Feb 25, 2023Updated 3 years ago
- HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux☆2,946Feb 24, 2025Updated last year
- Windows Event Log Killer☆1,810Sep 21, 2023Updated 2 years ago
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- ☆1,787Aug 30, 2024Updated last year
- ☆2,168Feb 21, 2023Updated 3 years ago
- Hook system calls, context switches, page faults and more.☆2,637May 9, 2023Updated 2 years ago
- A static analyzer for PE executables.☆1,107Updated this week
- DRAKVUF Black-box Binary Analysis☆1,208Feb 11, 2026Updated 2 weeks ago
- Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…☆1,196Jun 17, 2022Updated 3 years ago
- Windows Object Explorer 64-bit☆1,886Feb 10, 2026Updated 2 weeks ago
- A memory scanning evasion technique☆899May 24, 2017Updated 8 years ago
- Utilities for Sysmon☆1,574Sep 21, 2025Updated 5 months ago
- Open EDR public repository☆2,604Jan 13, 2024Updated 2 years ago
- A post exploitation framework designed to operate covertly on heavily monitored environments☆2,167Sep 29, 2021Updated 4 years ago
- Virtual Machine Introspection, Tracing & Debugging☆595Feb 22, 2022Updated 4 years ago
- State-of-the-art native debugging tools☆3,639Feb 20, 2026Updated last week
- Defeating Windows User Account Control☆7,377Feb 17, 2026Updated last week
- Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU☆1,682Feb 14, 2024Updated 2 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆4,462Jul 8, 2025Updated 7 months ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.☆437Aug 22, 2018Updated 7 years ago
- A wireshark plugin to instrument ETW☆580Jan 28, 2022Updated 4 years ago
- My musings with PowerShell☆2,703Nov 19, 2021Updated 4 years ago
- Simple (relatively) things allowing you to dig a bit deeper than usual.☆3,481Feb 16, 2026Updated last week
- AV/EDR evasion via direct system calls.☆1,793Sep 3, 2022Updated 3 years ago
- Run PowerShell with rundll32. Bypass software restrictions.☆1,823Mar 17, 2021Updated 4 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,577Jan 5, 2021Updated 5 years ago