Bw3ll / sharemLinks
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆466Updated 3 months ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
Sorting:
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆196Updated last month
- Important notes and topics on my journey towards mastering Windows Internals☆409Updated last year
- Exploring RPC interfaces on Windows☆332Updated last year
- Vulnerable driver research tool, result and exploit PoCs☆217Updated last year
- PoCs for Kernelmode rootkit techniques research.☆409Updated last month
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆403Updated 2 weeks ago
- Operating System Design Review: A systematic analysis of modern systems architecture☆328Updated 7 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …☆165Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆777Updated last year
- A Binary Genetic Traits Lexer Framework☆515Updated 2 months ago
- PoC Implementation of a fully dynamic call stack spoofer☆842Updated last year
- A tutorial on how to write a packer for Windows!☆291Updated last year
- Yet another variant of Process Hollowing☆421Updated 2 months ago
- Sysmon-Like research tool for ETW☆368Updated 2 years ago
- Collect Windows telemetry for Maldev☆426Updated 3 weeks ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆659Updated 2 years ago
- FLARE Team's Binary Navigator☆288Updated last week
- ☆301Updated 4 years ago
- Assortment of hashing algorithms used in malware☆379Updated 2 weeks ago
- Useful scripts for WinDbg using the debugger data model☆420Updated last year
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆464Updated 2 months ago
- Sleep Obfuscation☆796Updated last year
- Python tool to check rootkits in Windows kernel☆201Updated 2 months ago
- Evasion by machine code de-optimization.☆408Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆700Updated 2 years ago
- Dynamic unpacker based on PE-sieve☆774Updated last month
- Shoggoth: Asmjit Based Polymorphic Encryptor☆752Updated last year
- A small x64 library to load dll's into memory.☆448Updated last year
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆158Updated last month
- ☆114Updated 3 months ago