Bw3ll / sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆388 · Updated this week
Alternatives and similar repositories for sharem:
Users that are interested in sharem are comparing it to the libraries listed below
- PoC Implementation of a fully dynamic call stack spoofer ☆771 · Updated 9 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆668 · Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆742 · Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆635 · Updated 2 years ago
- (no description) ☆297 · Updated 4 years ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆143 · Updated 9 months ago
- A small x64 library to load dll's into memory. ☆437 · Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆160 · Updated last month
- Sleep Obfuscation ☆749 · Updated last year
- Aims to identify sleeping beacons ☆588 · Updated 4 months ago
- Vulnerable driver research tool, result and exploit PoCs ☆193 · Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆490 · Updated last year
- TartarusGate, Bypassing EDRs ☆580 · Updated 3 years ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆536 · Updated this week
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆675 · Updated last month
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆448 · Updated last year
- PoCs for Kernelmode rootkit techniques research. ☆374 · Updated 3 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆338 · Updated 2 months ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆559 · Updated 2 years ago
- Dynamic unpacker based on PE-sieve ☆730 · Updated last month
- Analyse your malware to surgically obfuscate it ☆465 · Updated 2 months ago
- FLARE Team's Binary Navigator ☆252 · Updated last month
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆333 · Updated 8 months ago
- A Binary Genetic Traits Lexer Framework ☆490 · Updated 2 months ago
- Centralized resource for listing and organizing known injection techniques and POCs ☆475 · Updated 2 weeks ago
- Important notes and topics on my journey towards mastering Windows Internals ☆376 · Updated last year
- Exploring RPC interfaces on Windows ☆321 · Updated last year
- Python tool to check rootkits in Windows kernel ☆195 · Updated 2 months ago
- For when DLLMain is the only way ☆375 · Updated 6 months ago
- Automated DLL Sideloading Tool With EDR Evasion Capabilities ☆473 · Updated last year