Bw3ll / sharem
SHAREM is a shellcode analysis framework capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler with many innovative features, such as showing the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆401 · Updated last month
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆167 · Updated 4 months ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆155 · Updated last year
- Exploring RPC interfaces on Windows ☆327 · Updated last year
- Yet another variant of Process Hollowing ☆405 · Updated this week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆765 · Updated last year
- Operating System Design Review: A systemic analysis of modern systems architecture ☆317 · Updated 5 months ago
- Sysmon-like research tool for ETW ☆357 · Updated 2 years ago
- Vulnerable driver research tool, results and exploit PoCs ☆198 · Updated last year
- Important notes and topics on my journey towards mastering Windows Internals ☆401 · Updated last year
- A PoC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆649 · Updated 2 years ago
- PoC implementation of a fully dynamic call stack spoofer ☆806 · Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆690 · Updated 2 years ago
- A small x64 library to load DLLs into memory. ☆447 · Updated last year
- A Binary Genetic Traits Lexer Framework ☆497 · Updated last week
- PoCs for kernel-mode rootkit techniques research. ☆378 · Updated 6 months ago
- A tutorial on how to write a packer for Windows! ☆284 · Updated last year
- Collect Windows telemetry for Maldev ☆379 · Updated last week
- Assortment of hashing algorithms used in malware ☆369 · Updated 2 weeks ago
- Python tool to check for rootkits in the Windows kernel ☆198 · Updated 5 months ago
- Centralized resource for listing and organizing known injection techniques and PoCs ☆594 · Updated 2 weeks ago
- Dynamic unpacker based on PE-sieve ☆744 · Updated 2 months ago
- Shoggoth: Asmjit-based polymorphic encryptor ☆742 · Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆502 · Updated last year
- Aims to identify sleeping beacons ☆608 · Updated 7 months ago
- Experimental Windows x64 kernel rootkit with anti-rootkit evasion features. ☆546 · Updated this week
- Sleep Obfuscation ☆771 · Updated last year
- FLARE Team's Binary Navigator ☆270 · Updated this week
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆572 · Updated 2 years ago