Sandfly Linux Stealth Rootkit Decloaking Utility
☆108 · Jan 19, 2023 · Updated 3 years ago
Alternatives and similar repositories for sandfly-processdecloak
Users that are interested in sandfly-processdecloak are comparing it to the libraries listed below
- Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool. ☆29 · Sep 29, 2025 · Updated 5 months ago
- Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives … ☆167 · Jun 11, 2024 · Updated last year
- A collection of tools adversaries commonly use in an attack. ☆14 · Nov 23, 2024 · Updated last year
- Rip Raw is a small tool to analyse the memory of compromised Linux systems. ☆134 · Jan 31, 2022 · Updated 4 years ago
- Compiled executables of common crypto and encoding algorithms ☆16 · Oct 3, 2023 · Updated 2 years ago
- A library for fast parse & import of Windows Eventlogs into Elasticsearch. ☆86 · Jun 23, 2025 · Updated 8 months ago
- ☆12 · Jun 29, 2021 · Updated 4 years ago
- Malware similarity platform with modularity in mind. ☆80 · Jul 18, 2021 · Updated 4 years ago
- ☆19 · Dec 12, 2023 · Updated 2 years ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read. ☆15 · Jul 9, 2023 · Updated 2 years ago
- a State-Machine reversing exercise ☆13 · Apr 22, 2021 · Updated 4 years ago
- Anything Sysmon related from the MSTIC R&D team ☆156 · Jun 8, 2024 · Updated last year
- suspect is a simple bash triage tool ☆19 · Aug 30, 2018 · Updated 7 years ago
- CVE-2024-23897 jenkins-cli ☆15 · Jan 27, 2024 · Updated 2 years ago
- MalwareAnalysis ☆12 · Dec 19, 2020 · Updated 5 years ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR ☆253 · Oct 29, 2025 · Updated 4 months ago
- Parser for Sdba memory pool tags ☆21 · Jul 16, 2021 · Updated 4 years ago
- ☆42 · Sep 16, 2022 · Updated 3 years ago
- A toy CTF Golang Reverse Shell w/ a Tmux-driven pseudo-C2 Interface ☆87 · Apr 8, 2025 · Updated 10 months ago
- Windows link file (shortcuts) examiner ☆68 · Jun 9, 2024 · Updated last year
- ☆19 · Jul 29, 2022 · Updated 3 years ago
- ☆17 · Sep 29, 2023 · Updated 2 years ago
- Windows File Enumeration Intel Gathering Tool. ☆17 · Sep 4, 2023 · Updated 2 years ago
- Conceptual Methods for Finding Commonalities in Macho Files ☆12 · Mar 21, 2024 · Updated last year
- egrets monitors egress ☆47 · Apr 12, 2020 · Updated 5 years ago
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. ☆158 · Nov 30, 2021 · Updated 4 years ago
- Mara is a userland pty/tty sniffer ☆53 · Dec 22, 2023 · Updated 2 years ago
- Presentations from the CX Security Labs team ☆35 · Jul 24, 2025 · Updated 7 months ago
- ☆28 · Mar 29, 2022 · Updated 3 years ago
- Initial triage of Windows Event logs ☆106 · Jun 16, 2024 · Updated last year
- Golang Parser for Microsoft Event Logs ☆105 · Nov 7, 2025 · Updated 3 months ago
- Load ssp dll golang implementation ☆19 · Jan 18, 2022 · Updated 4 years ago
- A binary analysis framework ☆133 · Dec 17, 2020 · Updated 5 years ago
- Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups ☆723 · Dec 26, 2022 · Updated 3 years ago
- ☆21 · Jul 27, 2020 · Updated 5 years ago
- Active C2 IoCs ☆99 · Nov 28, 2022 · Updated 3 years ago
- Aims to identify sleeping beacons ☆662 · Jan 25, 2026 · Updated last month
- Event Trace Log file parser in pure Python ☆150 · Nov 27, 2020 · Updated 5 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by … ☆745 · Aug 18, 2023 · Updated 2 years ago