Bw3ll / sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆394 · Updated last month
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆150 · Updated 11 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆678 · Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆641 · Updated 2 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆755 · Updated last year
- Yet another variant of Process Hollowing ☆400 · Updated 4 months ago
- A small x64 library to load DLLs into memory. ☆443 · Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆165 · Updated 2 months ago
- Tools and PoCs for Windows syscall investigation. ☆361 · Updated 2 weeks ago
- ☆299 · Updated 4 years ago
- Experiments ☆463 · Updated 8 months ago
- Exploring RPC interfaces on Windows ☆322 · Updated last year
- PoCs for kernel-mode rootkit techniques research. ☆375 · Updated 5 months ago
- TartarusGate, Bypassing EDRs ☆592 · Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆566 · Updated 2 years ago
- ☆485 · Updated 2 years ago
- Vulnerable driver research tool, result and exploit PoCs ☆194 · Updated last year
- Dynamic unpacker based on PE-sieve ☆736 · Updated 3 weeks ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆290 · Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented syscalls. ☆346 · Updated 4 months ago
- Collect Windows telemetry for Maldev ☆356 · Updated 4 months ago
- Aims to identify sleeping beacons ☆604 · Updated 6 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆501 · Updated last year
- Sleep Obfuscation ☆764 · Updated last year
- PoC Implementation of a fully dynamic call stack spoofer ☆789 · Updated 11 months ago
- Analyse your malware to surgically obfuscate it ☆474 · Updated 3 weeks ago
- PoCs and tools for investigation of Windows process execution techniques ☆921 · Updated 2 weeks ago
- Sysmon-like research tool for ETW ☆354 · Updated 2 years ago
- An automatic unpacker and logger for DotNet Framework targeting files ☆253 · Updated last year
- Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the … ☆345 · Updated this week
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆688 · Updated 3 months ago