JanielDary / ELFieScannerLinks
A C++ tool for process memory scanning & suspicious telemetry generation that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits.
☆83Updated last year
Alternatives and similar repositories for ELFieScanner
Users that are interested in ELFieScanner are comparing it to the libraries listed below
Sorting:
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆113Updated 2 months ago
- SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool☆53Updated 5 months ago
- Cheat sheet to detect and remove linux kernel rootkit☆67Updated 6 months ago
- CVE-2024-30090 - LPE PoC☆107Updated 8 months ago
- Malware Analysis tools☆26Updated 9 months ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C☆39Updated 5 years ago
- ☆18Updated this week
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆82Updated last year
- Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis☆58Updated 9 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆110Updated last month
- ☆100Updated 7 months ago
- ☆39Updated last year
- ☆107Updated 7 months ago
- ☆52Updated 8 months ago
- Lena's scripts/code/resources for malware analysis☆27Updated last year
- ☆59Updated last year
- ROPDump is a command-line tool designed to analyze binary executables for potential Return-Oriented Programming (ROP) gadgets, buffer ove…☆86Updated last year
- Analyse MSI files for vulnerabilities☆137Updated 9 months ago
- Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation☆127Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆100Updated last year
- Make an Linux Kernel rootkit visible again.☆52Updated 3 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆36Updated 4 months ago
- ☆39Updated last year
- Analysis of the vulnerability☆51Updated last year
- GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the func…☆64Updated last month
- A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.☆112Updated last year
- Work, timer, and wait callback example using solely Native Windows APIs.☆89Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 11 months ago
- This repository contains the public work I produced, wheter it is research, post, slides, sometimes videos, and materials of my talks.☆51Updated 2 months ago