Bw3ll / sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler with many innovative features, such as showing the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆388 · Updated last month
Alternatives and similar repositories for sharem:
Users that are interested in sharem are comparing it to the libraries listed below
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆158 · Updated 2 weeks ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆663 · Updated last year
- Important notes and topics on my journey towards mastering Windows Internals ☆375 · Updated 11 months ago
- A small x64 library to load DLLs into memory. ☆437 · Updated last year
- PoCs for kernel-mode rootkit techniques research. ☆365 · Updated 2 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆142 · Updated 8 months ago
- TartarusGate, Bypassing EDRs ☆579 · Updated 3 years ago
- A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆632 · Updated 2 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆738 · Updated last year
- Dynamic unpacker based on PE-sieve ☆723 · Updated last month
- FLARE Team's Binary Navigator ☆251 · Updated last week
- Analyse your malware to surgically obfuscate it ☆463 · Updated last month
- (no description) ☆477 · Updated 2 years ago
- Operating System Design Review: A systemic analysis of modern systems architecture ☆309 · Updated last month
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆280 · Updated last year
- A tutorial on how to write a packer for Windows! ☆268 · Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆669 · Updated last month
- Yet another variant of Process Hollowing ☆386 · Updated 2 months ago
- PoC Implementation of a fully dynamic call stack spoofer ☆760 · Updated 8 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆488 · Updated last year
- Aims to identify sleeping beacons ☆582 · Updated 4 months ago
- Sleep Obfuscation ☆739 · Updated last year
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆115 · Updated 2 weeks ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆207 · Updated 2 years ago
- (no description) ☆295 · Updated 3 years ago
- Tools and PoCs for Windows syscall investigation. ☆358 · Updated 3 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆531 · Updated last month
- Vulnerable driver research tool, results and exploit PoCs ☆192 · Updated last year
- Sysmon-like research tool for ETW ☆354 · Updated 2 years ago
- Exploring RPC interfaces on Windows ☆321 · Updated last year