Bw3ll / sharemLinks
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆415Updated last month
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
Sorting:
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆172Updated 4 months ago
- Important notes and topics on my journey towards mastering Windows Internals☆405Updated last year
- Vulnerable driver research tool, result and exploit PoCs☆213Updated last year
- Operating System Design Review: A systemic analysis of modern systems architecture☆318Updated 5 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆158Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs��☆769Updated last year
- ☆300Updated 4 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆814Updated last year
- Exploring RPC interfaces on Windows☆329Updated last year
- Sysmon-Like research tool for ETW☆359Updated 2 years ago
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆344Updated 4 months ago
- Python tool to check rootkits in Windows kernel☆198Updated 5 months ago
- Yet another variant of Process Hollowing☆412Updated 3 weeks ago
- Collect Windows telemetry for Maldev☆405Updated this week
- PoCs for Kernelmode rootkit techniques research.☆378Updated 7 months ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆654Updated 2 years ago
- A small x64 library to load dll's into memory.☆450Updated last year
- Assortment of hashing algorithms used in malware☆370Updated last month
- A tutorial on how to write a packer for Windows!☆286Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆690Updated 2 years ago
- ☆113Updated last month
- A Binary Genetic Traits Lexer Framework☆510Updated last week
- A DTrace on Windows Reimplementation☆351Updated 6 months ago
- Expriments☆466Updated 10 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆152Updated 2 weeks ago
- Tools and PoCs for Windows syscall investigation.☆361Updated 2 months ago
- Sleep Obfuscation☆777Updated last year
- FLARE Team's Binary Navigator☆276Updated 3 weeks ago
- Shoggoth: Asmjit Based Polymorphic Encryptor☆745Updated last year
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆574Updated 2 years ago