JanielDary / ELFieScannerLinks
A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits.
☆85Updated last year
Alternatives and similar repositories for ELFieScanner
Users that are interested in ELFieScanner are comparing it to the libraries listed below
Sorting:
- ☆112Updated 2 weeks ago
- SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool☆57Updated last year
- Vibe Malware Triage - MCP server for static PE analysis.☆74Updated last month
- Malware Analysis tools☆26Updated last year
- Make an Linux Kernel rootkit visible again.☆59Updated 10 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆43Updated last year
- Cheat sheet to detect and remove linux kernel rootkit☆77Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆132Updated 8 months ago
- ☆34Updated last year
- Attacking the cleanup_module function of a kernel module☆55Updated 6 months ago
- Identifies metadata of .NET binary files.☆21Updated last year
- PoC code and tools for Black Hat USA 2024☆24Updated last year
- IDA Python scripts☆40Updated 8 months ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆82Updated 2 years ago
- bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security profes…☆67Updated 2 years ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C☆39Updated 6 years ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs☆101Updated 3 months ago
- Aplos an extremely simple fuzzer for Windows binaries.☆68Updated 10 months ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆124Updated last year
- A library and a set of tools for exploiting and communicating with Google's Quick Share devices.☆47Updated 9 months ago
- ☆63Updated last year
- The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples.☆64Updated last year
- Lena's scripts/code/resources for malware analysis☆26Updated last year
- ☆108Updated last year
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆34Updated last year
- Comprehensive Windows Syscall Extraction & Analysis Framework☆159Updated 4 months ago
- Proof-of-concept modular implant platform leveraging v8☆55Updated 9 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆106Updated last year
- Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75��☆40Updated 3 months ago
- ☆58Updated last year