Alternatives and similar repositories for SyscallHookDetector:

Users that are interested in SyscallHookDetector are comparing it to the libraries listed below

• ignacioj / WhacAMole
  Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…
  ☆39Updated 6 months ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 2 years ago
• rtfmkiesel / loldrivers-client
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆82Updated last year
• D4rthMaulCop / DumpKernel-S1
  A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
  ☆19Updated last year
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated last year
• vysecurity / PacketParser
  A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.
  ☆21Updated 8 months ago
• itm4n / Pentest-Windows
  Windows internals and exploitation tricks
  ☆93Updated 4 months ago
• mttaggart / quasar
  quASAR: ASAR manipulation made easy
  ☆31Updated 2 years ago
• rbmm / Services
  ☆18Updated 2 months ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆45Updated 2 years ago
• Teach2Breach / Red_Team_Rust
  Collection of Rust repos useful for Red Teamers.
  ☆32Updated 2 years ago
• Helixo32 / DetectHooks
  Detect userland hooks placed by AV/EDR
  ☆27Updated last year
• MMitsuha / Tajimari
  the Open Source and Pure C++ Packer for eXecutables
  ☆18Updated 2 years ago
• mgeeky / CustomXMLPart
  A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.
  ☆36Updated 2 years ago
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆16Updated last year
• PL-V / Firefox-WebInject
  Firefox webInjector capable of injecting codes into webpages using a mitmproxy.
  ☆40Updated 2 years ago
• RATandC2 / FilelessNtdllReflection
  Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…
  ☆15Updated 2 years ago
• scriptchildie / gohellsgate
  Golang Implementation of Hell's gate
  ☆17Updated last year
• 0xv1n / proc-suspend
  powershell script i wrote that can suspend an arbitrary process (with limits)
  ☆20Updated 2 years ago
• 0xv1n / Havoc-ProfileGenerator
  malleable profile generator GUI for Havoc
  ☆56Updated last year
• yamakadi / ldr
  A work in progress BOF/COFF loader in Rust
  ☆47Updated 2 years ago
• p4p1 / havoc-store
  A simple website to act as a store for havoc modules and extensions
  ☆25Updated 2 months ago
• sourcefrenchy / DEFCON-30---Exotic-Data-Exfiltration
  Slides from my talk at the Adversary Village, Defcon 30
  ☆29Updated 2 years ago
• zero2504 / FrostLock-Injection
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆14Updated 2 months ago
• outflanknl / RedELK-workshop
  Items related to the RedELK workshop given at security conferences
  ☆28Updated last year
• fern89 / runpe-x64
  RunPE adapted for x64 and written in C, does not use RWX
  ☆24Updated 10 months ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆39Updated last year
• rvrsh3ll / DInjector
  Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
  ☆21Updated 2 years ago
• Krypteria / Proxll
  Tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h
  ☆37Updated 5 months ago
• zimnyaa / LEOPARDSEAL
  A simple Linux in-memory .so loader
  ☆29Updated last year