Alternatives and similar repositories for sigcheck

Users that are interested in sigcheck are comparing it to the libraries listed below

• avast / authenticode-parser
  Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.
  ☆21Updated last year
• mrexodia / YaraGen
  Plugin for x64dbg to generate Yara rules from function basic blocks.
  ☆37Updated 8 years ago
• dcdelia / sniper
  Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)
  ☆24Updated 3 years ago
• benoitsevens / applying-ttd-to-malware-analysis
  Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019
  ☆42Updated 6 years ago
• airbus-cert / etwbreaker
  An IDA plugin to deal with Event Tracing for Windows (ETW)
  ☆55Updated 3 years ago
• OSRDrivers / windbg-exts
  Various WinDbg extensions and scripts
  ☆31Updated 7 years ago
• danielplohmann / empty_msvc
  A collection of empty MSVC projects, compiled using various versions and configurations of Visual Studio.
  ☆33Updated last year
• SouhailHammou / IDARay-Plugin
  IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.
  ☆18Updated 7 years ago
• tandasat / RemoteWriteMonitor
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆79Updated 10 years ago
• Winbagility / Winbagility
  [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;
  ☆76Updated 6 years ago
• BreakingMalwareResearch / CFGExceptions
  Adding exceptions to Microsoft's Control Flow Guard (CFG)
  ☆57Updated 9 years ago
• MartinDrab / VrtuleTree
  VrtuleTree is a tool that displays information about driver and device objects present in the system and relations between them. Its func…
  ☆58Updated 4 years ago
• mr-tz / idapython
  IDAPython scripts
  ☆15Updated 8 years ago
• tandasat / EopMon
  Elevation of privilege detector based on HyperPlatform
  ☆123Updated 8 years ago
• kobykahane / NpEtw
  Named pipe I/O ETW provider for Windows
  ☆71Updated 5 years ago
• evandowning / windbg-trace
  Use WinDBG to trace the Windows API calls of any Portable Executable file
  ☆32Updated 8 years ago
• OSRDrivers / kmexts
  Simple driver to register all available process, thread, image, Registry, and Object callbacks
  ☆124Updated 8 years ago
• MathildeVenault / SysMainView
  This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …
  ☆32Updated 5 years ago
• mandiant / unicorn-libemu-shim
  libemu shim layer and win32 environment for Unicorn Engine
  ☆73Updated 8 years ago
• immortalp0ny / yarg
  Yet another rule generator for Yara
  ☆29Updated 5 months ago
• DownWithUp / CallMon
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆144Updated 5 years ago
• hfiref0x / Misc
  Miscellaneous Code and Docs
  ☆84Updated 4 months ago
• NtRaiseHardError / Dreadnought
  PoC for detecting and dumping code injection (built and extended on UnRunPE)
  ☆58Updated 7 years ago
• jay / gethooks
  GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
  ☆61Updated 4 years ago
• pstolarz / dumpext
  WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both…
  ☆84Updated last year
• repnz / windows-inspector
  A driver to intercept low level windows events
  ☆63Updated 6 years ago
• nixawk / Awesome-Windows-Debug
  Debug Windows Application / Kernel
  ☆91Updated 7 years ago
• zodiacon / PoolMonXv2
  Kernel Pool Monitor
  ☆127Updated 3 years ago
• zodiacon / ndcoslo2019
  NDC Oslo 2019 slides and demos
  ☆32Updated 5 years ago
• sgabe / SymlinkProtect
  File system minifilter driver for Windows to block symbolic link attacks.
  ☆52Updated 4 years ago