Fadi002 / MalwareInvestigation
Reverse engineering random malware
☆22 · Updated 2 months ago
Alternatives and similar repositories for MalwareInvestigation:
Users interested in MalwareInvestigation are comparing it to the repositories listed below.
- Patches the AmsiScan function in clr.dll, allowing for unrestricted assembly loading in .NET ☆15 · Updated last week
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function. ☆13 · Updated this week
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's compiler. ☆31 · Updated 10 months ago
- Change hash for a signed PE ☆16 · Updated last year
- (EDR) DLL unhooking: kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll. ☆18 · Updated this week
- C# API for Nidhogg rootkit ☆17 · Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆44 · Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆24 · Updated 7 months ago
- This repository contains a tool that can encrypt all type of files and give the encrypted output in the form of an encrypted shellcode. P… ☆15 · Updated 3 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆85 · Updated 2 years ago
- NailaoLoader: Hiding Execution Flow via Patching ☆20 · Updated last month
- Hide code from dnSpy and other C# spying tools ☆42 · Updated 4 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing… ☆20 · Updated this week
- A simple command-line application to automatically decrypt strings from Obfuscator-protected binaries ☆42 · Updated 10 months ago
- Proof of Concept example for abusing Process Hacker 2 (v2.39.124) ☆21 · Updated 5 months ago
- Standalone Metasploit-like XOR encoder for shellcode ☆48 · Updated 11 months ago
- Malware development in Go, learn today, anti dynamic analysis & Static & sandboxes. ☆11 · Updated this week
- Parent Process ID Spoofing, coded in CGo. ☆22 · Updated 9 months ago
- This exploit uses the PEB walk technique to resolve API calls dynamically and obfuscates all API calls to perform process injection. ☆17 · Updated 8 months ago
- Unhook Ntdll.dll, Go & C++. ☆21 · Updated this week
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004 ☆31 · Updated last year
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE ☆65 · Updated last year
- A demo module for the kaine agent to execute and inject assembly modules ☆37 · Updated 7 months ago
- Your NTDLL vaccine from modern direct syscall methods. ☆35 · Updated 3 years ago
- Tool that can be used to trim useless things from a PE file, such as the things a file pumper would add. ☆26 · Updated 3 weeks ago
- Research into removing strings & API call references at compile-time (Anti-Analysis) ☆25 · Updated 10 months ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously. ☆55 · Updated 3 years ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver ☆50 · Updated last year
- Reports on Driver, LSASS and other security services mitigations ☆15 · Updated 2 weeks ago