Fadi002 / MalwareInvestigation
reverse engineering random malwares
☆20Updated last month
Alternatives and similar repositories for MalwareInvestigation:
Users that are interested in MalwareInvestigation are comparing it to the libraries listed below
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆19Updated 8 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆11Updated 7 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆25Updated 9 months ago
- C# API for Nidhogg rootkit☆17Updated 11 months ago
- One Click Tool to Scan All the Enabled Protection of current Windows NT Kernel☆43Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆30Updated 9 months ago
- Change hash for a signed pe☆16Updated last year
- Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.☆20Updated 7 months ago
- Malware development in Go, learn today, anti dynamic analysis & Static & sandboxes.☆11Updated 9 months ago
- Ransomware written in go, encrypt - decrypt.☆18Updated 9 months ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆20Updated last month
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆24Updated 6 months ago
- Parent Process ID Spoofing, coded in CGo.☆22Updated 9 months ago
- C# loader capable of running stage-1 from remote url, file path as well as file share☆17Updated 2 years ago
- NailaoLoader: Hiding Execution Flow via Patching☆19Updated last month
- ☆11Updated 2 years ago
- Unhook Ntdll.dll, Go & C++.☆21Updated 8 months ago
- ☆21Updated 11 months ago
- Trojan written in C++ for Windows☆15Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆38Updated 7 months ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆26Updated last year
- ☆37Updated last month
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- This repository contains a tool that can encrypt all type of files and give the encrypted output in the form of an encrypted shellcode. P…☆15Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆55Updated 3 years ago
- Research of modifying exported function names at runtime (C/C++, Windows)☆17Updated 10 months ago
- shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hooks by resolving system calls manually fro…☆9Updated 6 months ago
- Threadless injection via TLS callbacks☆16Updated 4 months ago
- Standalone Metasploit-like XOR encoder for shellcode☆47Updated 10 months ago
- ☆52Updated 2 years ago