stellarbear / YaraSharp

Related projects: ⓘ

• microsoft / libyara.NET
  .NET wrapper for libyara built in C++ CLI used to easily incorporate yara into .NET projects
  ☆49Updated last month
• malcomvetter / WMIProcessWatcher
  An example pattern in C# for using WMI to monitor process creation and termination events.
  ☆51Updated 6 years ago
• bytecode77 / bytecode-api
  Framework for C# development
  ☆66Updated this week
• enkomio / RunDotNetDll
  A simple utility to list all methods of a given .NET Assembly and to invoke them
  ☆71Updated 3 years ago
• herrcore / CmdDesktopSwitch
  CmdDesktopSwitch is a small utility that lists all windows desktops and provides the option to switch between them. This can be used to i…
  ☆33Updated 8 years ago
• zodiacon / DotNextSP2019
  DotNext 2019 St. Petersburg Talk Demos
  ☆36Updated 5 years ago
• EricZimmerman / RegistryPlugins
  ☆59Updated 2 months ago
• marcin-chwedczuk / dll-inject
  Simple DLL injector written in C#
  ☆24Updated 8 years ago
• EricZimmerman / Lnk
  Lnk file parser
  ☆78Updated 2 weeks ago
• zodiacon / DotNetExp
  ☆39Updated 10 months ago
• djhohnstein / .NET-Profiler-DLL-Hijack
  Implementation of the .NET Profiler DLL hijack in C#
  ☆98Updated 5 years ago
• secana / CertDump
  Dump certificates from PE files in different formats
  ☆36Updated 8 months ago
• AviAvni / NativeLeakDetector
  Win32 memory leak detector with ETW
  ☆41Updated 6 years ago
• suto1987 / AlphaFS
  AlphaFS is a .NET library providing more complete Win32 file system functionality to the .NET platform than the standard System.IO classe…
  ☆10Updated 3 years ago
• FuzzySecurity / Driver-Template
  Bare template for a Kernel Mode Driver
  ☆50Updated 4 years ago
• OmerYa / Named-Pipe-Sniffer
  Mario & Luigi - Tools for sniffing Windows Named Pipes communication
  ☆129Updated 7 years ago
• friedkiwi / netcrypt
  .NET executable packer
  ☆55Updated 5 years ago
• ignacioj / mftf
  $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility
  ☆36Updated 2 months ago
• Dewera / Pluto
  A manual system call library that supports functions from both ntdll.dll and win32u.dll
  ☆107Updated last year
• mandiant / jitm
  JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.
  ☆49Updated 3 years ago
• SkiDzEX / SkiDzEX
  ☆59Updated this week
• sysopfb / Unpackers
  My collection of unpackers for malware packers/crypters
  ☆28Updated 7 years ago
• enkomio / Anathema
  .NET instrumentation framework
  ☆72Updated 6 years ago
• TheWover / EasyNet
  Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library.…
  ☆90Updated 5 years ago
• zodiacon / DebugHelp
  .NET wrapper for dbghelp.dll
  ☆21Updated 5 years ago
• nccgroup / WindowsMemPageDelta
  A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection
  ☆28Updated 3 years ago
• TheWover / ModuleMonitor
  Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…
  ☆39Updated 5 years ago
• mobdk / CloneProcess
  Clone running process with ZwCreateProcess
  ☆58Updated 3 years ago
• airbus-cert / dnYara
  A multi-platform .Net wrapper library for the native Yara library.
  ☆35Updated last year
• wireless90 / ProcessInjector.NET
  Learning Process Injection and Hollowing techniques
  ☆39Updated 2 years ago