sandflysecurity/sandfly-file-decloak external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sandflysecurity/sandfly-file-decloak

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sandflysecurity/sandfly-file-decloak)

Close

sandflysecurity / sandfly-file-decloakView on GitHubMore

• External links
• Readme badge

Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.

☆29Sep 29, 2025Updated 7 months ago

Alternatives and similar repositories for sandfly-file-decloak

Users that are interested in sandfly-file-decloak are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• tstromberg / sunlight

  View on GitHub
  Linux #rootkit and #malware revealer
  ☆31Aug 1, 2024Updated last year
• sandflysecurity / sandfly-processdecloak

  View on GitHub
  Sandfly Linux Stealth Rootkit Decloaking Utility
  ☆108Jan 19, 2023Updated 3 years ago
• CD-R0M / YARA

  View on GitHub
  Hundred Days of Yara Challenge
  ☆12Jun 21, 2022Updated 3 years ago
• cudeso / misp2defender

  View on GitHub
  MISP to Microsoft Defender integration
  ☆17Feb 24, 2026Updated 3 months ago
• ArsenalRecon / SdbaParser

  View on GitHub
  Parser for Sdba memory pool tags
  ☆21Jul 16, 2021Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• ksen-lin / nitara2

  View on GitHub
  yet another hidden LKM hunter
  ☆33Sep 18, 2025Updated 8 months ago
• ydkhatri / jarp

  View on GitHub
  Just Another broken Registry Parser (JARP)
  ☆16May 23, 2024Updated 2 years ago
• AbdulRhmanAlfaifi / CryptnetURLCacheParser

  View on GitHub
  CryptnetURLCacheParser is a tool to parse CryptAPI cache files
  ☆21Aug 3, 2024Updated last year
• its-a-feature / macOSCameraCapture

  View on GitHub
  Simple CLI utility to save off an image from every webcam hooked into a mac
  ☆14May 20, 2021Updated 5 years ago
• bgrundy / cheatsheets-forensic

  View on GitHub
  Forensic cheatsheets for use with cheat
  ☆15Dec 2, 2021Updated 4 years ago
• ald3ns / XPR-dump

  View on GitHub
  Helper scripts to automate the extraction of YARA rules from XProtectRemediators
  ☆22Mar 5, 2024Updated 2 years ago
• 5ha0 / fortools

  View on GitHub
  ☆14Dec 24, 2019Updated 6 years ago
• Hexastrike / PyrsistenceSniper

  View on GitHub
  We took PersistenceSniper, merged it with Python, and misspelled it on purpose. Meet PyrsistenceSniper.
  ☆84Mar 30, 2026Updated last month
• JPCERTCC / etw-scan

  View on GitHub
  ETW forensic tool for Volatility3 plugin
  ☆17Nov 15, 2024Updated last year
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• SentineLabs / log4j_response

  View on GitHub
  ☆15Dec 22, 2021Updated 4 years ago
• ernw / quarantine-formats

  View on GitHub
  Documentation and parsers for different anti-virus quarantine formats.
  ☆43Dec 9, 2020Updated 5 years ago
• MatheuZSecurity / ModTracer

  View on GitHub
  ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.
  ☆87Feb 28, 2025Updated last year
• theflakes / Linux_Forensic_Harvester

  View on GitHub
  Harvest Linux forensic data for operational triage of an event.
  ☆51Nov 30, 2025Updated 5 months ago
• bradleyjkemp / sigma-esf

  View on GitHub
  Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework
  ☆22Jan 22, 2021Updated 5 years ago
• Sentinel-One / shadowsuid

  View on GitHub
  ☆23Jan 15, 2019Updated 7 years ago
• dfir-iris / iris-client

  View on GitHub
  Python client for DFIR-IRIS
  ☆26Aug 19, 2024Updated last year
• DCScoder / ESXiTri

  View on GitHub
  ESXi Cyber Security Incident Response Script
  ☆28Sep 4, 2024Updated last year
• SentineLabs / XProtect-Malware-Families

  View on GitHub
  Mapping XProtect's obfuscated malware family names to common industry names.
  ☆94Nov 14, 2025Updated 6 months ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• Digital-Defense-Institute / triage.zip

  View on GitHub
  A preconfigured Velociraptor triage collector
  ☆77May 4, 2026Updated 3 weeks ago
• Cipher7 / havoc-SauronEye

  View on GitHub
  ☆11Dec 8, 2023Updated 2 years ago
• anelshaer / Remote-Linux-Triage-Collection-using-OSquery

  View on GitHub
  Remotely collect linux live forensics artifacts.
  ☆14Jul 8, 2022Updated 3 years ago
• poorting / nfdump2clickhouse

  View on GitHub
  service to convert nfcapd files clickhouse as they are created
  ☆10Mar 22, 2025Updated last year
• sethhall / bro-domain-generation

  View on GitHub
  Bro script module for detecting malware using domain generation algorithms.
  ☆13Feb 22, 2018Updated 8 years ago
• stevekroh / rpz-manager

  View on GitHub
  Block ads and malicious domains with response policy zones
  ☆12Jun 10, 2020Updated 5 years ago
• tsale / Sigma_rules

  View on GitHub
  Sigma rules to share with the community
  ☆126Jan 29, 2025Updated last year
• st0pp3r / awesome-soc-analyst

  View on GitHub
  Online resources related to SOC Analysts. Incident investigation reference material, blogs, newsletters, good reads, books, trainings, po…
  ☆57Feb 14, 2026Updated 3 months ago
• bootplug / writeups

  View on GitHub
  ☆25Dec 8, 2020Updated 5 years ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• sandflysecurity / sandfly-entropyscan

  View on GitHub
  Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives …
  ☆170Jun 11, 2024Updated last year
• errbody / DPRK-Research

  View on GitHub
  ☆46Nov 10, 2025Updated 6 months ago
• mthcht / ThreatHunting-Keywords-yara-rules

  View on GitHub
  yara detection rules for hunting with the threathunting-keywords project
  ☆162May 11, 2025Updated last year
• m3047 / shodohflo

  View on GitHub
  Pure Python netflow and DNS correlation, with reusable Frame Streams, DnsTap and Protobuf implementations
  ☆17Aug 30, 2025Updated 8 months ago
• mandiant / gootloader

  View on GitHub
  Collection of scripts used to deobfuscate GOOTLOADER malware samples.
  ☆78Dec 29, 2025Updated 4 months ago
• 3gbCyber / User_Accounts_Hunting

  View on GitHub
  The scrip will help you to find some values info for the user that you need as DFIR
  ☆16Nov 3, 2022Updated 3 years ago
• ArsenalRecon / BackstageParser

  View on GitHub
  Backstage Parser
  ☆34Jun 23, 2022Updated 3 years ago