Bw3ll / sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆471 · Updated 5 months ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆200 · Updated 3 months ago
- Important notes and topics on my journey towards mastering Windows Internals ☆420 · Updated last year
- Vulnerable driver research tool, result and exploit PoCs ☆225 · Updated 2 years ago
- Exploring RPC interfaces on Windows ☆337 · Updated last year
- Collect Windows telemetry for Maldev ☆448 · Updated last month
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆166 · Updated last year
- Operating System Design Review: A systematic analysis of modern systems architecture ☆334 · Updated 3 weeks ago
- A tool that is used to hunt vulnerabilities in x64 WDM drivers ☆418 · Updated 2 weeks ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆668 · Updated 3 years ago
- PoCs for Kernelmode rootkit techniques research. ☆423 · Updated last month
- A tutorial on how to write a packer for Windows! ☆300 · Updated 2 years ago
- Sysmon-Like research tool for ETW ☆378 · Updated 3 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆792 · Updated last year
- (no description) ☆304 · Updated 4 years ago
- Yet another variant of Process Hollowing ☆424 · Updated 4 months ago
- PoC Implementation of a fully dynamic call stack spoofer ☆874 · Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆711 · Updated 2 years ago
- Assortment of hashing algorithms used in malware ☆387 · Updated last month
- Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv… ☆464 · Updated 3 weeks ago
- Centralized resource for listing and organizing known injection techniques and POCs ☆661 · Updated last week
- Aims to identify sleeping beacons ☆645 · Updated last year
- Experiments ☆476 · Updated last year
- (no description) ☆117 · Updated last week
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆531 · Updated last year
- A Binary Genetic Traits Lexer Framework ☆516 · Updated 4 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆162 · Updated 2 weeks ago
- Python tool to check rootkits in Windows kernel ☆203 · Updated 4 months ago
- Dynamic unpacker based on PE-sieve ☆787 · Updated 3 months ago
- Analyse your malware to surgically obfuscate it ☆511 · Updated last week
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆316 · Updated last year