☆117Aug 9, 2016Updated 9 years ago
Alternatives and similar repositories for malWASH
Users that are interested in malWASH are comparing it to the libraries listed below
Sorting:
- Class implementation of PowerLoader injection technique☆32Dec 23, 2016Updated 9 years ago
- Membrane: A Posteriori Detection of Malicious Code Loading by Memory Paging Analysis☆41Sep 12, 2016Updated 9 years ago
- User-mode hook bypassing method☆33Aug 26, 2016Updated 9 years ago
- Some interesting code☆18Jan 16, 2015Updated 11 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Jun 10, 2019Updated 6 years ago
- This repository contains D-TIME: Distributed Threadless Independent Malware Execution for Runtime Obfuscation.☆36Jan 22, 2021Updated 5 years ago
- Simple code to resolve library functions at runtime☆10Jan 5, 2015Updated 11 years ago
- ☆22Jul 7, 2017Updated 8 years ago
- PowerLoaderEx - Advanced Code Injection Technique for x32 / x64☆383Apr 17, 2017Updated 8 years ago
- This is a fuzzer for Windows SEH buffer overflow.☆15Oct 17, 2017Updated 8 years ago
- collection of scripts and stuff☆12Aug 15, 2016Updated 9 years ago
- ☆11Mar 11, 2015Updated 10 years ago
- Process Doppelgänging☆162Dec 19, 2017Updated 8 years ago
- kernel space code☆12Jun 8, 2019Updated 6 years ago
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆341Jul 30, 2017Updated 8 years ago
- Research on Anti-malware and other related security solutions☆265Jul 25, 2020Updated 5 years ago
- PoC for hiding PE exports☆67Dec 19, 2020Updated 5 years ago
- Reflective PE loader for DLL injection☆187Oct 12, 2017Updated 8 years ago
- ☆30May 23, 2017Updated 8 years ago
- A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use…☆123Jun 27, 2017Updated 8 years ago
- foolav successor - loads DLL, executable or shellcode into memory and runs it effectively bypassing AV☆111Aug 23, 2021Updated 4 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆109May 27, 2021Updated 4 years ago
- Antivirus Emulator Fingerprints☆30Oct 12, 2018Updated 7 years ago
- An example malicious payload controller and obfuscator assisted by TPM-protected keys☆39Aug 10, 2014Updated 11 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆22Apr 13, 2018Updated 7 years ago
- IDApro idc and idapython script collection☆28Aug 22, 2023Updated 2 years ago
- ☆21Jul 18, 2017Updated 8 years ago
- metame is a metamorphic code engine for arbitrary executables☆599Oct 6, 2019Updated 6 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆108Jan 3, 2021Updated 5 years ago
- Virtualbox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU, Analysis Tools Detection Tools☆463Nov 22, 2018Updated 7 years ago
- Phantom DLL hollowing PoC☆370May 23, 2022Updated 3 years ago
- PE Infector/Cryptor source code☆16Apr 30, 2017Updated 8 years ago
- Мутация PE x86☆16Jun 2, 2019Updated 6 years ago
- A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.☆17Jul 2, 2021Updated 4 years ago
- In-Memory PE Loader☆377Oct 7, 2019Updated 6 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess☆89Nov 9, 2015Updated 10 years ago
- ☆408Mar 1, 2017Updated 9 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆116Feb 27, 2021Updated 5 years ago