Fadi002 / MalwareInvestigation
Reverse engineering random malware
☆23 · Updated 5 months ago
Alternatives and similar repositories for MalwareInvestigation
- C# API for the Nidhogg rootkit ☆17 · Updated last year
- ☆25 · Updated 8 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function. ☆20 · Updated 2 months ago
- One-click tool to scan all the enabled protections of the current Windows NT kernel ☆43 · Updated last year
- UAC bypass via computerdefaults.exe ☆12 · Updated 3 months ago
- Cross-platform tool for injecting shellcode into .exe and .dll binaries (x86 and x64) ☆61 · Updated last year
- A simple command-line application to automatically decrypt strings from Obfuscator-protected binaries ☆46 · Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract a memory dump from the LSASS process using various techniques, including direct system c… ☆24 · Updated 9 months ago
- Performs a global AMSI bypass by patching amsi.dll in memory. ☆12 · Updated last month
- Simple .NET Native AOT app that uses AsmResolver to convert shellcode to a PE ☆65 · Updated 2 years ago
- Standalone Metasploit-like XOR encoder for shellcode ☆47 · Updated last year
- Misery Loader to bypass modern EDR solutions ☆11 · Updated 6 months ago
- Akame is an open-source shellcode loader written in C++17 ☆20 · Updated 3 months ago
- Research into removing strings and API call references at compile time (anti-analysis) ☆27 · Updated last year
- Ransomware written in Go (encrypt/decrypt). ☆25 · Updated 2 months ago
- This repository contains a tool that can encrypt all types of files and give the encrypted output in the form of encrypted shellcode. P… ☆15 · Updated 3 years ago
- Execute a remote assembly with argument passing and with AMSI and ETW patching ☆11 · Updated 2 years ago
- ☆29 · Updated last year
- A C#-implemented malware sample that changes its own file hash on each execution to evade hash-based detection. ☆13 · Updated 5 months ago
- An attempt at a LoadLibrary designed for offensive operations, in C# obviously. ☆56 · Updated 3 years ago
- C# loader capable of running stage 1 from a remote URL, a file path, or a file share ☆16 · Updated 2 years ago
- This script bypasses DLL hooking using a freshly mapped copy of the ntdll file, patches ETW and triggers shellcode with process hol… ☆70 · Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆45 · Updated last year
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF table in ntdll.dll and parsing… ☆22 · Updated 2 months ago
- Measures the average CPU cycle cost of the CPUID instruction and compares it against a threshold to detect whether the code is running in a VM. ☆21 · Updated 2 months ago
- Change the hash of a signed PE ☆16 · Updated 2 years ago
- This program performs reflective DLL injection into a remote process specified by the user. ☆65 · Updated 2 years ago
- Your NTDLL vaccine against modern direct syscall methods. ☆35 · Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques ☆27 · Updated 3 years ago
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked ☆38 · Updated 7 months ago
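Several entries above are shellcode encoders or loaders, and the "Metasploit-like XOR encoder" item is the simplest of them. What makes such an encoder useful is not the XOR itself but the key selection: the delivery path often cannot carry certain bytes (0x00 for a C string copy, 0x0a/0x0d for a line-oriented protocol), so the encoder must pick a key that makes every encoded byte, and the key embedded in the decoder stub, avoid those values. The following is an added example written for this page, not code from MalwareInvestigation or from any repository listed above; the sample bytes are constructed to contain the usual bad characters and are not a working payload, and the bad-character set is an assumed one chosen for the demonstration.

```c
/* Added example: a minimal Metasploit-style multi-byte XOR shellcode encoder
 * with deterministic bad-character-avoiding key search. Not taken from any
 * listed project. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample bytes shaped like a small x86 stub so they contain the
 * usual troublemakers (0x00 and 0x0a). This is NOT a working payload. */
static const uint8_t SAMPLE_SC[] = {
    0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68, 0x00, 0x0a,
    0x68, 0x2f, 0x62, 0x69, 0x6e, 0x89, 0xe3
};
/* Assumed bad characters for the demo: NUL, LF, CR. */
static const uint8_t BAD_CHARS[] = { 0x00, 0x0a, 0x0d };

/* Returns 1 if byte b occurs in bad[0..nbad). */
static int is_bad(uint8_t b, const uint8_t *bad, size_t nbad) {
    for (size_t i = 0; i < nbad; i++) if (bad[i] == b) return 1;
    return 0;
}

/* Returns 1 if no byte of buf[0..n) is a bad character. */
int is_clean(const uint8_t *buf, size_t n, const uint8_t *bad, size_t nbad) {
    for (size_t i = 0; i < n; i++) if (is_bad(buf[i], bad, nbad)) return 0;
    return 1;
}

/* out[i] = in[i] ^ key[i % klen]. XOR is its own inverse, so the same
 * routine decodes; a real decoder stub does exactly this loop in asm. */
void xor_buf(const uint8_t *in, uint8_t *out, size_t n,
             const uint8_t *key, size_t klen) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % klen];
}

/* Exhaustively try 1-byte keys, then 2-byte keys, until neither the key nor
 * the encoded output contains a bad character. The key must be clean too,
 * because the decoder stub has to embed it. Writes the key to key_out and the
 * encoded bytes to enc_out; returns the key length, or 0 if none works. */
size_t find_key(const uint8_t *sc, size_t n, const uint8_t *bad, size_t nbad,
                uint8_t *key_out, uint8_t *enc_out) {
    uint8_t key[2];
    for (size_t klen = 1; klen <= 2; klen++) {
        unsigned limit = (klen == 1) ? 256u : 65536u;
        for (unsigned k = 1; k < limit; k++) {      /* k = 0 is the identity */
            key[0] = (uint8_t)(k & 0xff);
            key[1] = (uint8_t)(k >> 8);
            if (!is_clean(key, klen, bad, nbad)) continue;
            xor_buf(sc, enc_out, n, key, klen);
            if (is_clean(enc_out, n, bad, nbad)) {
                memcpy(key_out, key, klen);
                return klen;
            }
        }
    }
    return 0;
}

/* Encode SAMPLE_SC against BAD_CHARS; returns the key length (0 on failure). */
size_t encode_sample(uint8_t key[2], uint8_t enc[sizeof SAMPLE_SC]) {
    return find_key(SAMPLE_SC, sizeof SAMPLE_SC, BAD_CHARS, sizeof BAD_CHARS,
                    key, enc);
}

/* Worst case for a single-byte key: a buffer holding every value 1..255 means
 * any 1-byte key XORs some byte to 0x00, so the search must fall through to a
 * 2-byte key. Returns the key length found with 0x00 as the only bad char. */
size_t encode_full_range(uint8_t key[2]) {
    uint8_t sc[255], enc[255];
    const uint8_t nul = 0x00;
    for (int i = 0; i < 255; i++) sc[i] = (uint8_t)(i + 1);
    return find_key(sc, sizeof sc, &nul, 1, key, enc);
}

/* Decode enc with key and compare against orig: 1 if the round trip is exact. */
int roundtrip_ok(const uint8_t *orig, const uint8_t *enc, size_t n,
                 const uint8_t *key, size_t klen) {
    uint8_t dec[256];
    if (n > sizeof dec) return 0;
    xor_buf(enc, dec, n, key, klen);
    return memcmp(orig, dec, n) == 0;
}

int main(void) {
    uint8_t key[2], enc[sizeof SAMPLE_SC];
    size_t klen = encode_sample(key, enc);
    if (!klen) { puts("no usable key found"); return 1; }
    printf("key (%zu byte%s):", klen, klen > 1 ? "s" : "");
    for (size_t i = 0; i < klen; i++) printf(" 0x%02x", key[i]);
    printf("\nencoded:");
    for (size_t i = 0; i < sizeof SAMPLE_SC; i++) printf(" %02x", enc[i]);
    printf("\nround trip: %s\n",
           roundtrip_ok(SAMPLE_SC, enc, sizeof SAMPLE_SC, key, klen) ? "ok" : "FAILED");
    return 0;
}
```

For the sample above the search settles on the single-byte key 0x01, which is enough to clear every bad byte; the full-range case shows why Metasploit's encoders fall back to longer keys when a short one cannot satisfy the constraints. From the analyst's side the same property is what makes these encoders weak as obfuscation: a 1- or 2-byte XOR key is recoverable by brute force, or directly from the decoder stub that must carry it.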