Aether is a Windows memory-forensics and threat hunting tool that scans live process memory for malicious pattern, detect injection techniques, implant signatures, reflectively loaded .NET assemblies. it works with a multi-layer confidence model that dramatically reduce the false positive rate and hunt for malicious behaviour.
☆52Jul 5, 2026Updated last week
Alternatives and similar repositories for aether
Users that are interested in aether are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.☆84Jun 15, 2026Updated 3 weeks ago
- DriverSentinel is a security tool developed in Go that detects malicious and vulnerable drivers on Windows systems by comparing them agai…☆36May 2, 2026Updated 2 months ago
- Modern Web Application Firewall for Kong Gateway☆28Jul 7, 2026Updated last week
- Async BOF that notifies the operator when a user connects to a local or remote target system.☆34Jun 17, 2026Updated 3 weeks ago
- ☆22May 19, 2026Updated last month
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- System Call Integrity Layer - experimental security research☆28Apr 14, 2026Updated 3 months ago
- Azure RedOps is a offensive security toolkit for assessing the security posture of Microsoft Entra ID☆176Updated this week
- User-mode ETW interception and telemetry manipulation lab for Windows security research.☆42Jun 15, 2026Updated 3 weeks ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- Evasive loader for .NET Framework assemblies☆82May 12, 2026Updated 2 months ago
- Test bench lab for Shellcode Obfuscation☆37Sep 2, 2025Updated 10 months ago
- Repository hosting a hypothetical EDR Spoofer, as discovered originally by Nightmare-Eclipse☆41May 27, 2026Updated last month
- Smuggling C2 comms through links previews☆18Jun 17, 2026Updated 3 weeks ago
- Janus analyzes C2 telemetry to surface failure patterns, operator friction, and automation opportunities across engagements.☆54Jun 23, 2026Updated 3 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made …☆62Jun 15, 2026Updated 3 weeks ago
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.☆170Jun 28, 2026Updated 2 weeks ago
- Cross-platform incident response toolkit. 28 pre-built use cases in a single zero-install binary: triage, threat hunting, memory forensic…☆150Jul 6, 2026Updated last week
- NSecSoftBYOVD POC☆61Feb 12, 2026Updated 5 months ago
- A header-only, freestanding C++20 template for IR-bytecode VM loaders☆26May 10, 2026Updated 2 months ago
- Repo hacks☆21Dec 7, 2025Updated 7 months ago
- Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.☆72Mar 24, 2026Updated 3 months ago
- KslDump — Why bring your own knife when Defender already left one in the kitchen?☆392Apr 13, 2026Updated 3 months ago
- Windows memory scanner for call stack spoofing detection, unbacked shellcode, injected DLLs and in-memory C2 implants.☆37May 22, 2026Updated last month
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- OpenGraph Collector for Tailscale☆43Updated this week
- Static analysis & exploitation-triage toolkit for Windows kernel drivers. Discover IOCTLs, Symbolic Links, and check cert , and Downlaods…☆191Apr 27, 2026Updated 2 months ago
- Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)☆69Apr 3, 2026Updated 3 months ago
- Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR…☆108Updated this week
- Vectored Exception Handling Squared☆30Dec 27, 2025Updated 6 months ago
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆210Jun 25, 2026Updated 2 weeks ago
- Ported from [LACUNA Chain](https://github.com/MazX0p/LACUNA-Chain) by Mohamed Alzhrani (0xmaz). lacuna-rs is a reusable Rust crate that …☆17Jul 2, 2026Updated last week
- Python tool to automatically perform SPN-less RBCD attacks.☆132Jan 7, 2026Updated 6 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- MuddyWater C2 framework research☆11Jun 28, 2023Updated 3 years ago
- Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing.☆97Apr 30, 2026Updated 2 months ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- This repo contains the results of an internal re-write of impacket I undertook at my current company. It contains some of the IoCs found …☆313May 24, 2026Updated last month
- Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv…☆564Mar 24, 2026Updated 3 months ago
- Bring your own Unwind Data Framework☆156Mar 15, 2026Updated 4 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework☆172Aug 30, 2025Updated 10 months ago