Bw3ll / sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆343 · Updated 3 weeks ago
Related projects
Alternatives and complementary repositories for sharem
- Yet another variant of Process Hollowing ☆355 · Updated 8 months ago
- ☆111 · Updated 2 weeks ago
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆139 · Updated this week
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆111 · Updated 2 months ago
- Sleep Obfuscation ☆686 · Updated 11 months ago
- TartarusGate, Bypassing EDRs ☆534 · Updated 2 years ago
- Exploring RPC interfaces on Windows ☆284 · Updated 9 months ago
- ☆290 · Updated 3 years ago
- Sysmon-Like research tool for ETW ☆336 · Updated 2 years ago
- Tools and PoCs for Windows syscall investigation. ☆353 · Updated 6 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆629 · Updated last year
- PoCs for Kernelmode rootkit techniques research. ☆334 · Updated last week
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆260 · Updated 10 months ago
- Vulnerable driver research tool, result and exploit PoCs ☆181 · Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆687 · Updated 8 months ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆621 · Updated last year
- PoC Implementation of a fully dynamic call stack spoofer ☆709 · Updated 4 months ago
- A small x64 library to load dll's into memory. ☆424 · Updated last year
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆125 · Updated 4 months ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆111 · Updated 4 months ago
- Static Binary Instrumentation tool for Windows x64 executables ☆180 · Updated 3 weeks ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆199 · Updated 2 years ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆494 · Updated 7 months ago
- Kernel Exploits ☆242 · Updated 3 years ago
- Performing Indirect Clean Syscalls ☆483 · Updated last year
- ☆461 · Updated 2 years ago
- Aims to identify sleeping beacons ☆490 · Updated 5 months ago
- GhostWriting Injection Technique. ☆163 · Updated 6 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆325 · Updated 5 months ago
- The source code files that accompany the short book "Building C2 Implants in C++: A Primer" by Steven Patterson (@shogun_lab). ☆223 · Updated 4 months ago