Bw3ll / sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆387 · Updated last week
Alternatives and similar repositories for sharem:
Users that are interested in sharem are comparing it to the libraries listed below
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆633 · Updated 2 years ago
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆156 · Updated last month
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆661 · Updated last year
- Sleep Obfuscation ☆733 · Updated last year
- For when DLLMain is the only way ☆373 · Updated 4 months ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆735 · Updated last year
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆139 · Updated 8 months ago
- Operating System Design Review: A systemic analysis of modern systems architecture ☆305 · Updated 3 weeks ago
- TartarusGate, Bypassing EDRs ☆568 · Updated 3 years ago
- Important notes and topics on my journey towards mastering Windows Internals ☆368 · Updated 10 months ago
- Vulnerable driver research tool, result and exploit PoCs ☆189 · Updated last year
- PoC Implementation of a fully dynamic call stack spoofer ☆751 · Updated 8 months ago
- Collect Windows telemetry for Maldev ☆316 · Updated last month
- A small x64 library to load dll's into memory. ☆435 · Updated last year
- Dynamic unpacker based on PE-sieve ☆715 · Updated last week
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆335 · Updated last month
- Exploring RPC interfaces on Windows ☆320 · Updated last year
- ☆295 · Updated 3 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆655 · Updated last week
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆481 · Updated last year
- Sysmon-Like research tool for ETW ☆352 · Updated 2 years ago
- PoCs for Kernelmode rootkit techniques research. ☆358 · Updated 2 months ago
- Aims to identify sleeping beacons ☆571 · Updated 3 months ago
- Python tool to check rootkits in Windows kernel ☆195 · Updated 3 weeks ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆205 · Updated 2 years ago
- Experiments ☆452 · Updated 5 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆445 · Updated last year
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆273 · Updated last year
- Yet another variant of Process Hollowing ☆384 · Updated last month
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F) ☆119 · Updated last year