Bw3ll / sharem
SHAREM is a shellcode analysis framework capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler with many innovative features, such as showing the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
☆471, updated 5 months ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… (☆199, updated 2 months ago)
- Important notes and topics on my journey towards mastering Windows Internals (☆416, updated last year)
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … (☆167, updated last year)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆789, updated last year)
- Exploring RPC interfaces on Windows (☆336, updated last year)
- PoC implementation of a fully dynamic call stack spoofer (☆860, updated last year)
- Collect Windows telemetry for Maldev (☆437, updated last month)
- Yet another variant of Process Hollowing (☆419, updated 4 months ago)
- (no description) (☆303, updated 4 years ago)
- PoCs for kernel-mode rootkit techniques research (☆421, updated last month)
- A tool that is used to hunt vulnerabilities in x64 WDM drivers (☆414, updated 3 weeks ago)
- Vulnerable driver research tool, results and exploit PoCs (☆224, updated 2 years ago)
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP (☆707, updated 2 years ago)
- Sysmon-like research tool for ETW (☆368, updated 3 years ago)
- A PoC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… (☆662, updated 2 years ago)
- Assortment of hashing algorithms used in malware (☆386, updated last month)
- Operating System Design Review: A systematic analysis of modern systems architecture (☆332, updated this week)
- A Binary Genetic Traits Lexer Framework (☆518, updated 3 months ago)
- A small x64 library to load DLLs into memory (☆450, updated 2 years ago)
- Aims to identify sleeping beacons (☆641, updated 11 months ago)
- Performing Indirect Clean Syscalls (☆590, updated 2 years ago)
- Sleep Obfuscation (☆805, updated 2 years ago)
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer (☆529, updated last year)
- Tools and PoCs for Windows syscall investigation (☆366, updated 5 months ago)
- Experimental Windows x64 kernel rootkit with anti-rootkit evasion features (☆572, updated 4 months ago)
- Experiments (☆475, updated last year)
- (no description) (☆772, updated 2 years ago)
- Enumerating and removing kernel callbacks using signed vulnerable drivers (☆583, updated 2 years ago)
- (no description) (☆114, updated this week)
- A tutorial on how to write a packer for Windows! (☆298, updated last year)