SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆479Jun 25, 2025Updated 8 months ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
Sorting:
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆171Aug 1, 2023Updated 2 years ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆165Dec 5, 2025Updated 3 months ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆249Jul 9, 2024Updated last year
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆675Dec 23, 2022Updated 3 years ago
- A modern 32/64-bit position independent implant template☆1,295Mar 21, 2025Updated 11 months ago
- PoC Implementation of a fully dynamic call stack spoofer☆922Jul 20, 2024Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆807Mar 16, 2024Updated last year
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)☆62Aug 11, 2023Updated 2 years ago
- PoCs and tools for investigation of Windows process execution techniques☆953Feb 2, 2026Updated last month
- kill anti-malware protected processes ( BYOVD )☆968Jul 21, 2023Updated 2 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆499Feb 3, 2022Updated 4 years ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,594Jul 31, 2024Updated last year
- Yet another variant of Process Hollowing☆460Jul 31, 2025Updated 7 months ago
- AV/EDR evasion via direct system calls.☆1,795Sep 3, 2022Updated 3 years ago
- Performing Indirect Clean Syscalls☆604Apr 19, 2023Updated 2 years ago
- A tool to kill antimalware protected processes☆1,505Jun 19, 2021Updated 4 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆500Jan 25, 2022Updated 4 years ago
- Converts PE into a shellcode☆2,747Aug 30, 2025Updated 6 months ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 3 months ago
- Shoggoth: Asmjit Based Polymorphic Encryptor☆781Apr 10, 2024Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- Nidhogg is an all-in-one simple to use windows kernel rootkit.☆2,274Feb 15, 2026Updated 2 weeks ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆125Jul 12, 2024Updated last year
- Dynamic unpacker based on PE-sieve☆799Sep 13, 2025Updated 5 months ago
- Alternative Shellcode Execution Via Callbacks☆1,698Nov 11, 2022Updated 3 years ago
- Windows kernel and user mode emulation.☆1,860Updated this week
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.☆501Jan 10, 2023Updated 3 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,092Jun 17, 2022Updated 3 years ago
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆411Jan 11, 2026Updated last month
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes☆1,042Jun 20, 2023Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆718Jul 19, 2023Updated 2 years ago
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…☆1,051Oct 14, 2025Updated 4 months ago
- ☆1,787Aug 30, 2024Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆779Jan 26, 2026Updated last month