sandflysecurity/sandfly-processdecloak external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sandflysecurity/sandfly-processdecloak

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sandflysecurity/sandfly-processdecloak)

Close

sandflysecurity / sandfly-processdecloakView on GitHubMore

• External links
• Readme badge

Sandfly Linux Stealth Rootkit Decloaking Utility

☆108Jan 19, 2023Updated 3 years ago

Alternatives and similar repositories for sandfly-processdecloak

Users that are interested in sandfly-processdecloak are comparing it to the libraries listed below

• sandflysecurity / sandfly-file-decloak

  View on GitHub
  Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.
  ☆29Sep 29, 2025Updated 5 months ago
• sandflysecurity / sandfly-entropyscan

  View on GitHub
  Entropy scanner for Linux to detect packed or encrypted binaries related to malware. Finds malicious files and Linux processes and gives …
  ☆168Jun 11, 2024Updated last year
• alexander-hanel / asm-examples

  View on GitHub
  Compiled executables of common crypto and encoding algorithms
  ☆16Oct 3, 2023Updated 2 years ago
• cado-security / rip_raw

  View on GitHub
  Rip Raw is a small tool to analyse the memory of compromised Linux systems.
  ☆133Jan 31, 2022Updated 4 years ago
• theevilbit / DuckDockTile

  View on GitHub
  ☆17Sep 29, 2023Updated 2 years ago
• kyle-phillips / adversarial-tools

  View on GitHub
  A collection of tools adversaries commonly use in an attack.
  ☆14Nov 23, 2024Updated last year
• 2igosha / presentations

  View on GitHub
  ☆12May 6, 2020Updated 5 years ago
• cecio / EMOTET-2020-Reversing

  View on GitHub
  a State-Machine reversing exercise
  ☆13Apr 22, 2021Updated 4 years ago
• darksh3llRU / dark-doh

  View on GitHub
  ☆19Dec 12, 2023Updated 2 years ago
• hyp3rlinx / NtFileSins

  View on GitHub
  Windows File Enumeration Intel Gathering Tool.
  ☆17Sep 4, 2023Updated 2 years ago
• LETHAL-FORENSICS / Collect-MemoryDump

  View on GitHub
  Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR
  ☆254Oct 29, 2025Updated 4 months ago
• sumeshi / evtx2es

  View on GitHub
  A fast library for parsing and importing Windows Event Logs into Elasticsearch.
  ☆86Updated this week
• microsoft / MSTIC-Sysmon

  View on GitHub
  Anything Sysmon related from the MSTIC R&D team
  ☆156Jun 8, 2024Updated last year
• cado-security / MalwareAnalysis

  View on GitHub
  MalwareAnalysis
  ☆12Dec 19, 2020Updated 5 years ago
• AndrewFasano / tenet_tracer

  View on GitHub
  PANDA-powered tracing engine for tenet
  ☆11Apr 7, 2022Updated 3 years ago
• cbasnett / Log-Extractor

  View on GitHub
  ☆28Mar 29, 2022Updated 3 years ago
• zMarch / suspect

  View on GitHub
  suspect is a simple bash triage tool
  ☆19Aug 30, 2018Updated 7 years ago
• StrangerealIntel / DeltaFlare

  View on GitHub
  ☆12Jun 29, 2021Updated 4 years ago
• ancat / egrets

  View on GitHub
  egrets monitors egress
  ☆47Apr 12, 2020Updated 5 years ago
• ArsenalRecon / SdbaParser

  View on GitHub
  Parser for Sdba memory pool tags
  ☆21Jul 16, 2021Updated 4 years ago
• h3xduck / TripleCross

  View on GitHub
  A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
  ☆1,949Apr 7, 2024Updated last year
• linuxthor / rkbreaker

  View on GitHub
  Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes
  ☆12Sep 30, 2020Updated 5 years ago
• CiscoCXSecurity / presentations

  View on GitHub
  Presentations from the CX Security Labs team
  ☆35Jul 24, 2025Updated 7 months ago
• W3ndige / aurora

  View on GitHub
  Malware similarity platform with modularity in mind.
  ☆80Jul 18, 2021Updated 4 years ago
• airbus-cert / etl-parser

  View on GitHub
  Event Trace Log file parser in pure Python
  ☆150Nov 27, 2020Updated 5 years ago
• MITRECND / malchive

  View on GitHub
  Various capabilities for static malware analysis.
  ☆80Sep 4, 2024Updated last year
• 0xrawsec / gene-rules

  View on GitHub
  ☆42Sep 16, 2022Updated 3 years ago
• malrev / ABD

  View on GitHub
  Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
  ☆1,162Nov 14, 2020Updated 5 years ago
• ashemery / LinuxForensics

  View on GitHub
  Everything related to Linux Forensics
  ☆718Jul 13, 2023Updated 2 years ago
• alexander-hanel / RenameLocalVars

  View on GitHub
  RenameLocalVars is an IDA plugin that renames local variables to something easier to read.
  ☆15Jul 9, 2023Updated 2 years ago
• P4x1s / CVE-2024-23897

  View on GitHub
  CVE-2024-23897 jenkins-cli
  ☆15Jan 27, 2024Updated 2 years ago
• forensiclunch / ETLParser

  View on GitHub
  Binary commandline executable to parse ETL files
  ☆69Jun 7, 2018Updated 7 years ago
• timwhitez / Doge-AddSSP

  View on GitHub
  Load ssp dll golang implementation
  ☆19Jan 18, 2022Updated 4 years ago
• waldo-irc / MalMemDetect

  View on GitHub
  Detect strange memory regions and DLLs
  ☆190Jan 20, 2022Updated 4 years ago
• audibleblink / gorsh

  View on GitHub
  A toy CTF Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface
  ☆87Apr 8, 2025Updated 11 months ago
• nccgroup / pybeacon

  View on GitHub
  A collection of scripts for dealing with Cobalt Strike beacons in Python
  ☆169Jan 5, 2021Updated 5 years ago
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆663Jan 25, 2026Updated last month
• vobst / BPFVol3

  View on GitHub
  Linux BPF plugins for Volatility3
  ☆23Jan 19, 2024Updated 2 years ago
• enkomio / Sojobo

  View on GitHub
  A binary analysis framework
  ☆133Dec 17, 2020Updated 5 years ago