you0708 / lznt1Links
Python implementation of LZNT1 compression/decompression
☆64Updated 5 years ago
Alternatives and similar repositories for lznt1
Users that are interested in lznt1 are comparing it to the libraries listed below
Sorting:
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- Enumerate Windows Defender threat families and dump their names according category☆90Updated 6 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆123Updated 4 years ago
- FLARE Kernel Shellcode Loader☆178Updated 6 years ago
- ☆71Updated last year
- Transfer EIP control to shellcode during malware analysis investigation☆75Updated 10 years ago
- Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis☆85Updated 3 years ago
- pyGoRE - Python library for analyzing Go binaries☆64Updated 3 years ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks☆65Updated 3 years ago
- A git history of Windows filesystems☆76Updated 4 years ago
- Generating YARA rules based on binary code☆210Updated 3 years ago
- CAPE monitor DLLs☆41Updated 5 years ago
- Flare-On solutions☆36Updated 5 years ago
- ☆49Updated 5 years ago
- Rekall Memory Forensic Framework☆32Updated 5 years ago
- ☆22Updated 4 years ago
- A collection of empty MSVC projects, compiled using various versions and configurations of Visual Studio.☆32Updated 11 months ago
- Process reimaging proof of concept code☆96Updated 5 years ago
- Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code☆183Updated 4 years ago
- A simple API monitor for Windbg☆63Updated 8 years ago
- Extract OLEv1 objects from RTF files by instrumenting Word☆51Updated 5 years ago
- Smart DLL execution for malware analysis in sandbox systems☆144Updated 10 years ago
- ANBU (Automatic New Binary Unpacker) a tool for me to learn about PIN and about algorithms for generic unpacking.☆91Updated 6 years ago
- Simple 32/64-bit PEs loader.☆138Updated 6 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆108Updated 4 years ago
- This is a simple tool to dump all the reparse points on an NTFS volume.☆33Updated 4 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆143Updated 4 years ago
- ☆115Updated 8 years ago
- zer0m0n driver for cuckoo sandbox☆87Updated 8 years ago