reverseame / sigcheck
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
☆19Updated last year
Alternatives and similar repositories for sigcheck:
Users that are interested in sigcheck are comparing it to the libraries listed below
- A python script that can be used to scan data within in an IDB using Yara.☆22Updated 6 years ago
- Helper utility for debugging windows PE/PE+ loader.☆51Updated 9 years ago
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆34Updated 7 years ago
- libemu shim layer and win32 environment for Unicorn Engine☆71Updated 7 years ago
- IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.☆18Updated 6 years ago
- VB Exe Parser is an IDA script written in Python. This script will help you to parse VB program internal structures. It can find: Event, …☆16Updated 8 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- IDAPython scripts☆15Updated 7 years ago
- ☆33Updated 3 years ago
- Use WinDBG to trace the Windows API calls of any Portable Executable file☆30Updated 7 years ago
- [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;☆72Updated 5 years ago
- Windbg Utility Tools based upon PyKD☆42Updated 4 years ago
- Native Development Kit for Vista 64bit And Later, by me, Based on NDK Headers 1.0, by Alex Ionescu☆16Updated 9 years ago
- Zero Wine Tryouts: An open source malware analysis tool☆16Updated 8 years ago
- just an lite AntiRootkit for interesting☆23Updated 9 years ago
- IDA plugin to explore and browse tags☆53Updated 5 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- Bypass for the hardening against usage of tagWnd as a kernel read/write primitive☆29Updated 7 years ago
- ☆32Updated 6 years ago
- windows create process with a dll load first time via LdrHook☆30Updated 8 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.☆16Updated 10 months ago
- Create and use macros in IDA's CLIs☆63Updated last year
- idenLib (Library Function Identification) plugin for x32dbg☆41Updated 5 years ago
- Reverse engineered vmware workstation code to aid in kernel debugging.☆14Updated 9 years ago
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)☆23Updated 3 years ago
- Maltrace is a simple syscall tracer for Windows implemented through the use of PIN.☆23Updated 11 years ago