Alternatives and similar repositories for signify

Users that are interested in signify are comparing it to the libraries listed below

• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆55Updated 2 years ago
• Biswa96 / TraceEvent
  Trace events in real time sessions
  ☆45Updated last year
• intel471 / coderex
  A tool that automates regex generation for the x86 and x86-64 instruction sets
  ☆71Updated last year
• avast / authenticode-parser
  Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.
  ☆18Updated last year
• trailofbits / uthenticode
  A cross-platform library for verifying Authenticode signatures
  ☆149Updated 2 months ago
• sgabe / SymlinkProtect
  File system minifilter driver for Windows to block symbolic link attacks.
  ☆51Updated 4 years ago
• elastic / die-python
  Native Python3 bindings for @horsicq's Detect-It-Easy
  ☆69Updated this week
• libyal / winevt-kb
  Windows Event Log Knowledge Base
  ☆24Updated 7 months ago
• kevoreilly / capemon
  capemon: CAPE's monitor
  ☆116Updated this week
• trailofbits / WinDbg-JS
  ☆24Updated last year
• malwarefrank / dnfile
  Parse .NET executable files.
  ☆76Updated 3 months ago
• avast / yarang
  Alternative YARA scanning engine
  ☆70Updated 2 years ago
• hasherezade / pe_utils
  A set of small utilities, helpers for PIN tracers
  ☆33Updated last year
• namealt / winsdk10
  ☆26Updated 7 years ago
• wbenny / EtwConsumerNT
  Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
  ☆141Updated 6 years ago
• DidierStevens / AnalyzePESig
  ☆16Updated last year
• DownWithUp / CallMon
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆142Updated 4 years ago
• zodiacon / KernelObjectView
  View handles and object for each object type
  ☆64Updated 5 years ago
• hfiref0x / MpEnum
  Enumerate Windows Defender threat families and dump their names according category
  ☆90Updated 5 years ago
• kobykahane / NpEtw
  Named pipe I/O ETW provider for Windows
  ☆70Updated 4 years ago
• avast / yls
  YARA Language Server
  ☆71Updated 2 weeks ago
• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆48Updated 2 months ago
• yardenshafir / CallbackObjectAnalyzer
  Dumps information about all the callback objects found in a dump file and the functions registered for them
  ☆35Updated 4 years ago
• hasherezade / pe2pic
  Small visualizator for PE files
  ☆69Updated last year
• shamrockhoax / mazedecoder
  ☆28Updated 5 years ago
• dr-anoroc / rawccopy
  Command line utility for copying files on NTFS using low level disk access
  ☆34Updated last year
• williballenthin / python-dotnet-binaryformat
  Pure Python parser for data encoded by .NET's BinaryFormatter
  ☆50Updated 6 years ago
• Winbagility / Winbagility
  [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;
  ☆73Updated 5 years ago
• MathildeVenault / SysMainView
  This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …
  ☆31Updated 4 years ago
• danielplohmann / empty_msvc
  A collection of empty MSVC projects, compiled using various versions and configurations of Visual Studio.
  ☆32Updated 10 months ago