SHAREM is a shellcode analysis framework, capable of emulating more than 45,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆486 · Mar 22, 2026 · Updated 3 months ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below.
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… ☆175 · Apr 12, 2026 · Updated 2 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆169 · Dec 5, 2025 · Updated 6 months ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! ☆254 · Jul 9, 2024 · Updated last year
- Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols) ☆62 · Aug 11, 2023 · Updated 2 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆673 · Dec 23, 2022 · Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,020 · Jun 4, 2024 · Updated 2 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆829 · Mar 16, 2024 · Updated 2 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll ☆511 · Feb 3, 2022 · Updated 4 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆538 · Aug 1, 2022 · Updated 3 years ago
- A modern 32/64-bit position independent implant template ☆1,350 · Jun 1, 2026 · Updated last month
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆135 · Jan 2, 2023 · Updated 3 years ago
- PoC Implementation of a fully dynamic call stack spoofer ☆967 · Jul 20, 2024 · Updated last year
- Windows kernel and user mode emulation. ☆1,997 · Jun 26, 2026 · Updated last week
- Converts PE into a shellcode ☆2,776 · Aug 30, 2025 · Updated 10 months ago
- A tool to kill antimalware protected processes ☆1,516 · Jun 19, 2021 · Updated 5 years ago
- Performing Indirect Clean Syscalls ☆616 · May 2, 2026 · Updated 2 months ago
- PoCs and tools for investigation of Windows process execution techniques ☆961 · Feb 2, 2026 · Updated 5 months ago
- Shoggoth: Asmjit Based Polymorphic Encryptor ☆796 · Apr 4, 2026 · Updated 3 months ago
- AV/EDR evasion via direct system calls. ☆1,817 · Sep 3, 2022 · Updated 3 years ago
- This framework enables users to discover JOP gadgets and can automate building a complete JOP chain to bypass DEP. JOP ROCKET is the ultim… ☆116 · Aug 31, 2024 · Updated last year
- kill anti-malware protected processes ( BYOVD ) ☆983 · Jul 21, 2023 · Updated 2 years ago
- Dynamic unpacker based on PE-sieve ☆818 · Apr 14, 2026 · Updated 2 months ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls. ☆1,645 · Jul 31, 2024 · Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆729 · Jul 19, 2023 · Updated 2 years ago
- A memory-based evasion technique which makes shellcode invisible from process start to end. ☆1,199 · Oct 16, 2023 · Updated 2 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting… ☆1,116 · Jun 17, 2022 · Updated 4 years ago
- A Pin Tool for tracing API calls etc ☆1,665 · Jun 2, 2026 · Updated last month
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆320 · Aug 31, 2023 · Updated 2 years ago
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques. ☆504 · Jan 10, 2023 · Updated 3 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆126 · Jul 12, 2024 · Updated last year
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, … ☆499 · Jan 25, 2022 · Updated 4 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆412 · Jan 11, 2026 · Updated 5 months ago
- Enumerate various traits from Windows processes as an aid to threat hunting ☆203 · Jan 13, 2022 · Updated 4 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes ☆1,061 · Jun 20, 2023 · Updated 3 years ago
- Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions. ☆2,420 · Jun 26, 2026 · Updated last week
- Yet another variant of Process Hollowing ☆470 · Jul 31, 2025 · Updated 11 months ago
- Alternative Shellcode Execution Via Callbacks ☆1,728 · Nov 11, 2022 · Updated 3 years ago
- ☆1,825 · Aug 30, 2024 · Updated last year
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆211 · Nov 12, 2025 · Updated 7 months ago