reverseame / sigcheckLinks
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
☆20Updated 2 years ago
Alternatives and similar repositories for sigcheck
Users that are interested in sigcheck are comparing it to the libraries listed below
Sorting:
- Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.☆18Updated last year
- IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.☆18Updated 6 years ago
- Use WinDBG to trace the Windows API calls of any Portable Executable file☆31Updated 8 years ago
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆36Updated 7 years ago
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)☆24Updated 3 years ago
- Helper utility for debugging windows PE/PE+ loader.☆52Updated 10 years ago
- ☆22Updated 4 years ago
- ☆34Updated 3 years ago
- Native Development Kit for Vista 64bit And Later, by me, Based on NDK Headers 1.0, by Alex Ionescu☆16Updated 9 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 7 years ago
- x64dbg Script editor v2.0☆27Updated 7 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆36Updated 4 years ago
- Windows Simple Process Logger implemented as driver☆18Updated 7 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 8 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- idenLib (Library Function Identification) plugin for x32dbg☆42Updated 6 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 8 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆68Updated 5 years ago
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis☆45Updated 7 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆55Updated 2 years ago
- Blog posts☆30Updated 4 years ago
- Load and unload a DLL into an remote process without using WriteProcessMemory ;)☆16Updated 11 years ago
- Maltrace is a simple syscall tracer for Windows implemented through the use of PIN.☆23Updated 12 years ago
- ☆34Updated 7 years ago
- ☆21Updated 4 years ago
- An API Monitor based on Instrumentation☆43Updated 7 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 9 years ago
- APIInfo Plugin (x86) - A Plugin For x64dbg☆49Updated 6 years ago
- A sample project for using Capstone from a driver in Visual Studio 2015☆36Updated 9 years ago
- Data and structures regarding the research done on WdFilter☆12Updated 5 years ago