JanielDary / ELFieScanner
A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits.
☆78 · Updated 6 months ago
Related projects
Alternatives and complementary repositories for ELFieScanner
- ☆24 · Updated last week
- ☆98 · Updated 3 weeks ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue ☆95 · Updated 7 months ago
- A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust ☆82 · Updated 7 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆63 · Updated 2 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator" ☆43 · Updated 6 months ago
- Malware Analysis tools ☆25 · Updated 2 months ago
- Analyse MSI files for vulnerabilities ☆109 · Updated 2 months ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C ☆39 · Updated 4 years ago
- Aplos, an extremely simple fuzzer for Windows binaries. ☆66 · Updated 7 months ago
- Payload encoding utility to effectively lower payload entropy. ☆99 · Updated this week
- Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation ☆124 · Updated 8 months ago
- ROPDump is a command-line tool designed to analyze binary executables for potential Return-Oriented Programming (ROP) gadgets, buffer ove… ☆83 · Updated 6 months ago
- Tools for analyzing EDR agents ☆209 · Updated 5 months ago
- In-Memory Rootkit For Linux ☆64 · Updated 3 weeks ago
- Construct the payload at runtime using an array of offsets ☆58 · Updated 5 months ago
- Exploit targeting NT kernel in 24H2 Windows Insider Preview ☆111 · Updated 6 months ago
- Monarch - The Adversary Emulation Toolkit ☆59 · Updated 10 months ago
- Work, timer, and wait callback example using solely Native Windows APIs. ☆83 · Updated 9 months ago
- The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. ☆54 · Updated 7 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆111 · Updated 2 months ago
- ☆124 · Updated 3 weeks ago
- A simple commandline application to automatically decrypt strings from Obfuscator protected binaries ☆38 · Updated 5 months ago
- ☆95 · Updated 2 months ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆110 · Updated 4 months ago
- CVE-2024-30090 - LPE PoC ☆93 · Updated last month
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve ☆74 · Updated 3 months ago
- Open Keylogger Hardware Implant - USB & PS2 Keyboards ☆56 · Updated 2 weeks ago
- My shellcodes (or shellcodish-things) written for educational purpose in NASM assembly. ☆32 · Updated 3 months ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! ☆82 · Updated last year