Bw3ll / sharem
SHAREM is a shellcode analysis framework capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler with many innovative features, such as showing the deobfuscated disassembly of an encoded shellcode or integrating emulation data to enhance the disassembly.
☆390 · Updated 3 weeks ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
- A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆637 · Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆675 · Updated last year
- ☆298 · Updated 4 years ago
- Sleep Obfuscation ☆760 · Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs. ☆750 · Updated last year
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆144 · Updated 10 months ago
- Aims to identify sleeping beacons. ☆596 · Updated 5 months ago
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆165 · Updated 2 months ago
- Collect Windows telemetry for Maldev. ☆349 · Updated 3 months ago
- PoCs for kernel-mode rootkit techniques research. ☆375 · Updated 4 months ago
- Vulnerable driver research tool, results and exploit PoCs. ☆193 · Updated last year
- Yet another variant of Process Hollowing. ☆395 · Updated 4 months ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers. ☆563 · Updated 2 years ago
- A small x64 library to load DLLs into memory. ☆441 · Updated last year
- PoC implementation of a fully dynamic call stack spoofer. ☆779 · Updated 10 months ago
- Analyse your malware to surgically obfuscate it. ☆469 · Updated this week
- Tools and PoCs for Windows syscall investigation. ☆360 · Updated 4 months ago
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. ☆341 · Updated 3 months ago
- Important notes and topics on my journey towards mastering Windows Internals. ☆389 · Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆684 · Updated 2 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer. ☆499 · Updated last year
- Experimental Windows x64 kernel rootkit with anti-rootkit evasion features. ☆536 · Updated last month
- Automated DLL sideloading tool with EDR evasion capabilities. ☆476 · Updated last year
- TartarusGate, bypassing EDRs. ☆585 · Updated 3 years ago
- ☆481 · Updated 2 years ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆117 · Updated last month
- ☆114 · Updated last month
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆289 · Updated last year
- Experiments ☆458 · Updated 8 months ago
- Operating System Design Review: A systemic analysis of modern systems architecture. ☆313 · Updated 3 months ago