30 open-source projects similar to invoke-ir/uproot, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Uproot alternative.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Behavior based monitoring and hunting tool built in C# leveraging ETW tracing. Blue teamers can use this tool to detect and respond to potential Cobalt Strike beacons. Red teamers can use this tool to research ETW bypasses and discover new processes that behave like beacons.
BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity.
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
Web Shell Detector Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector…
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
An Active Defense and EDR software to empower Blue Teams
LogonTracer is a security auditing tool designed for logon analysis and forensic log auditing. It functions as a dockerized security auditor that utilizes a security event graph database to map account names and network addresses, allowing for the visualization of complex system compromise patterns and authentication paths. The system features a Sigma detection engine that scans imported event logs against standardized rule sets to identify known malicious activity. It also includes an anomalous behavior detector that applies statistical analysis, graph algorithms, and hidden Markov models to
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Identifies the bytes that Microsoft Defender flags on.
Agile - ArchangelCloak - Atomic - AutoIt - Autori Obfuscator - Babel - BoxedAppPacker - BytePress - Beebyte - Confuser 1.9 - ConfuserEx - Crypto Obfuscator - Cypher - DCNETProtector - De4dot - DNGuard - DotnetPatcher - DotNetCompressor - DotRefiner - DotWall - Dumper - Eazfuscator - Habib -…
Guidance for mitigation web shells. #nsacyber
A curated list of awesome Security Hardening techniques for Windows.