reverseame / sigcheckLinks
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
☆20Updated 2 years ago
Alternatives and similar repositories for sigcheck
Users that are interested in sigcheck are comparing it to the libraries listed below
Sorting:
- Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.☆18Updated last year
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆37Updated 8 years ago
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)☆24Updated 3 years ago
- IDARay is an IDA Pro plugin that matches the database against multiple YARA files which themselves may contain multiple rules.☆18Updated 6 years ago
- A collection of empty MSVC projects, compiled using various versions and configurations of Visual Studio.☆33Updated last year
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆42Updated 5 years ago
- Use WinDBG to trace the Windows API calls of any Portable Executable file☆31Updated 8 years ago
- NDC Oslo 2019 slides and demos☆32Updated 4 years ago
- Tools for static and dynamic analysis of ActionScript3 SWF files.☆47Updated 6 years ago
- ☆34Updated last year
- libemu shim layer and win32 environment for Unicorn Engine☆72Updated 8 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 10 years ago
- penter hook example and driver time recorder☆31Updated 7 years ago
- My articles for Paged Out! #2☆17Updated 5 years ago
- Named pipe I/O ETW provider for Windows☆71Updated 5 years ago
- Capture BAT is a behavioral analysis tool of applications for the Win32 operating system family.☆32Updated 12 years ago
- APIInfo Plugin (x86) - A Plugin For x64dbg☆49Updated 7 years ago
- [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;☆74Updated 6 years ago
- ☆22Updated 4 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆55Updated 3 years ago
- This x64dbg plugin adds several commands for dumping PE header information by address.☆63Updated 8 years ago
- Yet another rule generator for Yara☆29Updated 3 months ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆68Updated 5 years ago
- ☆29Updated 7 years ago
- idenLib (Library Function Identification) plugin for x32dbg☆42Updated 6 years ago
- C++ wrapper for YARA.☆45Updated 5 years ago
- WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both…☆84Updated last year
- Blog posts☆30Updated 5 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 9 years ago
- Helper utility for debugging windows PE/PE+ loader.☆52Updated 10 years ago