0xflux / SanctumLinks
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
☆337Updated last week
Alternatives and similar repositories for Sanctum
Users that are interested in Sanctum are comparing it to the libraries listed below
Sorting:
- Collect Windows telemetry for Maldev☆405Updated this week
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)☆347Updated last year
- Some POCs for my BYOVD research and find some vulnerable drivers☆319Updated last month
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆354Updated 6 months ago
- Call Stack Spoofing for Rust☆187Updated last month
- ROP-based sleep obfuscation to evade memory scanners☆359Updated 2 months ago
- kernel callback removal (Bypassing EDR Detections)☆187Updated 5 months ago
- Process Injection using Thread Name☆277Updated 4 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆325Updated 10 months ago
- Dynamically invoke arbitrary unmanaged code☆349Updated 9 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆224Updated 2 years ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆352Updated last year
- Using fibers to run in-memory code.☆217Updated last year
- ☆17Updated 7 months ago
- Tools for analyzing EDR agents☆241Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024☆263Updated last year
- Call stack spoofing for Rust☆340Updated 6 months ago
- Some Rust program I wrote while learning Malware Development☆140Updated 6 months ago
- Threadless Process Injection through entry point hijacking☆348Updated 11 months ago
- Windows rootkit designed to work with BYOVD exploits☆205Updated 7 months ago
- Rusty Arsenal - A collection of experimental Process Injection and Post-Exploitation Techniques in Rust☆272Updated last year
- Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust☆64Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆233Updated 3 months ago
- ☆195Updated last year
- ☆403Updated 8 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆310Updated last year
- Rust For Windows Cheatsheet☆121Updated 9 months ago
- DLL proxying for lazy people☆181Updated last month
- Memory Obfuscation in Rust☆249Updated last month
- Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.☆295Updated 2 months ago