robwillisinfo / Invoke-DecoderLinks
Invoke-Decoder – A PowerShell script to decode/deobfuscate malware samples
☆19Updated 5 years ago
Alternatives and similar repositories for Invoke-Decoder
Users that are interested in Invoke-Decoder are comparing it to the libraries listed below
Sorting:
- ProcDot Malware Sandbox☆24Updated 2 weeks ago
- AppXSVC Service race condition - privilege escalation☆28Updated 6 years ago
- 2 ways of Password Filter DLL to record the plaintext password☆64Updated 4 years ago
- Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019☆59Updated 3 years ago
- ☆12Updated 4 years ago
- A tool to create COM class/interface relationships in neo4j☆50Updated 2 years ago
- Tool to manage user privileges☆29Updated 5 years ago
- Automation Capable Multi Search 64 Bit Windows Memory Scanner☆28Updated 4 years ago
- ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima…☆40Updated 2 years ago
- QuasarRAT analysis tools and research report☆27Updated last year
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- A Docker container used to easily compile Nim binaries generated by my tools (NimPackt and NimPlant)☆16Updated last year
- The repository accompanying the Buer Emulation workshop☆24Updated 3 years ago
- POC code to crash Windows Event Logger Service☆27Updated 4 years ago
- A set of tools for collecting forensic information☆26Updated 5 years ago
- Specialized tool to dump Position Independent Code.☆22Updated 5 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Updated 6 years ago
- A collection of my presentation materials.☆17Updated last year
- A Canary which fires when uninstalled☆34Updated 4 years ago
- Dumping credentials through windbg and pykd☆41Updated last year
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆77Updated 5 years ago
- I used this to see if an EDR is running in Safe Mode☆37Updated 4 years ago
- Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings.☆23Updated 4 years ago
- C# Implementation of Jared Atkinson's Get-InjectedThread.ps1☆54Updated 4 years ago
- ☆18Updated 6 years ago
- Repository for LNK stuff☆31Updated 2 years ago
- A cross platform tool for verifying credentials and executing single commands☆32Updated 6 years ago
- Create COM Objects backed by Scripts, not DLLs☆9Updated 8 years ago
- A PowerShell script to prevent Sysmon from writing its events☆16Updated 5 years ago
- Ingests logs/dbs from cobalt and empire and outputs an excel report with activity, sessions, and credentials☆20Updated 4 years ago