JanielDary / ELFieScannerLinks
A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits.
☆84Updated last year
Alternatives and similar repositories for ELFieScanner
Users that are interested in ELFieScanner are comparing it to the libraries listed below
Sorting:
- SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool☆54Updated 8 months ago
- Malware Analysis tools☆26Updated last year
- ☆104Updated 9 months ago
- Vibe Malware Triage - MCP server for static PE analysis.☆70Updated 4 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆121Updated 5 months ago
- A library and a set of tools for exploiting and communicating with Google's Quick Share devices.☆46Updated 5 months ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆83Updated 2 years ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆105Updated last year
- Cheat sheet to detect and remove linux kernel rootkit☆72Updated 9 months ago
- ☆53Updated 11 months ago
- Make an Linux Kernel rootkit visible again.☆55Updated 6 months ago
- ☆38Updated 6 months ago
- IDA Python scripts☆41Updated 5 months ago
- ☆27Updated 9 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- CVE-2024-30090 - LPE PoC☆108Updated 11 months ago
- Attacking the cleanup_module function of a kernel module☆41Updated 2 months ago
- Linpmem is a linux memory acquisition tool☆88Updated 3 months ago
- ROPDump is a command-line tool designed to analyze binary executables for potential Return-Oriented Programming (ROP) gadgets, buffer ove…☆86Updated last year
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆70Updated last month
- Golang bindings for PE-sieve☆42Updated last year
- bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security profes…☆66Updated 2 years ago
- The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples.☆64Updated last year
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆42Updated last year
- Proof-of-concept modular implant platform leveraging v8☆56Updated 6 months ago
- ☆113Updated 2 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆38Updated 7 months ago
- ☆108Updated 10 months ago
- ☆38Updated 9 months ago
- In-Memory Rootkit For Linux and BSD☆81Updated last month