CyberSecurityUP / SyscallHookDetector
☆17 · Updated 5 months ago
Alternatives and similar repositories for SyscallHookDetector:
Users that are interested in SyscallHookDetector are comparing it to the libraries listed below
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en… ☆39 · Updated 6 months ago
- Your NTDLL vaccine from modern direct syscall methods. ☆35 · Updated 2 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆82 · Updated last year
- A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80 ☆19 · Updated last year
- Small tool to play with IOCs caused by ImageLoad events ☆42 · Updated last year
- A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance. ☆21 · Updated 8 months ago
- Windows internals and exploitation tricks ☆93 · Updated 4 months ago
- quASAR: ASAR manipulation made easy ☆31 · Updated 2 years ago
- (no description) ☆18 · Updated 2 months ago
- API Hammering with C++20 ☆45 · Updated 2 years ago
- Collection of Rust repos useful for Red Teamers. ☆32 · Updated 2 years ago
- Detect userland hooks placed by AV/EDR ☆27 · Updated last year
- The Open Source and Pure C++ Packer for eXecutables ☆18 · Updated 2 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆36 · Updated 2 years ago
- Just another process injection using the Process Hollowing technique. ☆16 · Updated last year
- Firefox webInjector capable of injecting code into webpages using a mitmproxy. ☆40 · Updated 2 years ago
- Bypass userland EDR hooks by loading a reflective ntdll in memory from a remote server based on the Windows ReleaseID to avoid opening a handle… ☆15 · Updated 2 years ago
- Golang implementation of Hell's Gate ☆17 · Updated last year
- PowerShell script I wrote that can suspend an arbitrary process (with limits) ☆20 · Updated 2 years ago
- Malleable profile generator GUI for Havoc ☆56 · Updated last year
- A work-in-progress BOF/COFF loader in Rust ☆47 · Updated 2 years ago
- A simple website to act as a store for Havoc modules and extensions ☆25 · Updated 2 months ago
- Slides from my talk at the Adversary Village, DEF CON 30 ☆29 · Updated 2 years ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe… ☆14 · Updated 2 months ago
- Items related to the RedELK workshop given at security conferences ☆28 · Updated last year
- RunPE adapted for x64 and written in C; does not use RWX ☆24 · Updated 10 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆39 · Updated last year
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL ☆21 · Updated 2 years ago
- Tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h ☆37 · Updated 5 months ago
- A simple Linux in-memory .so loader ☆29 · Updated last year