Bw3ll / sharem
SHAREM is a shellcode analysis framework capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler with many innovative features, such as showing the deobfuscated disassembly of an encoded shellcode or integrating emulation data to enhance the disassembly.
☆399 · Updated 2 weeks ago
Alternatives and similar repositories for sharem
Users that are interested in sharem are comparing it to the libraries listed below
- Important notes and topics on my journey towards mastering Windows Internals ☆397 · Updated last year
- Exploring RPC interfaces on Windows ☆326 · Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆165 · Updated 3 months ago
- Yet another variant of Process Hollowing ☆400 · Updated 5 months ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆761 · Updated last year
- PoCs for kernel-mode rootkit techniques research. ☆376 · Updated 5 months ago
- A small x64 library to load DLLs into memory. ☆445 · Updated last year
- ☆300 · Updated 4 years ago
- PoC implementation of a fully dynamic call stack spoofer ☆802 · Updated 11 months ago
- Sysmon-like research tool for ETW ☆353 · Updated 2 years ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆154 · Updated 11 months ago
- Vulnerable driver research tool, results and exploit PoCs ☆195 · Updated last year
- Operating System Design Review: A systemic analysis of modern systems architecture ☆314 · Updated 4 months ago
- A Binary Genetic Traits Lexer Framework ☆496 · Updated this week
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆680 · Updated last year
- A PoC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆646 · Updated 2 years ago
- Tools and PoCs for Windows syscall investigation. ☆361 · Updated last month
- A tutorial on how to write a packer for Windows! ☆281 · Updated last year
- Experiments ☆465 · Updated 9 months ago
- Collect Windows telemetry for Maldev ☆364 · Updated last week
- Assortment of hashing algorithms used in malware ☆366 · Updated last week
- Centralized resource for listing and organizing known injection techniques and PoCs ☆588 · Updated last month
- FLARE Team's Binary Navigator ☆266 · Updated last month
- Shoggoth: Asmjit Based Polymorphic Encryptor ☆739 · Updated last year
- Sleep Obfuscation ☆769 · Updated last year
- Useful scripts for WinDbg using the debugger data model ☆417 · Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer ☆504 · Updated last year
- ☆115 · Updated last week
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆566 · Updated 2 years ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆295 · Updated last year