Kirandawadi / volatility3-mcpLinks
Volatility3 MCP Server for automating Memory Forensics
☆13Updated 4 months ago
Alternatives and similar repositories for volatility3-mcp
Users that are interested in volatility3-mcp are comparing it to the libraries listed below
Sorting:
- VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advan…☆22Updated 8 months ago
- kernel callback removal (Bypassing EDR Detections)☆201Updated 2 weeks ago
- early cascade injection PoC based on Outflanks blog post☆232Updated last year
- A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections,…☆86Updated last month
- Collect Windows telemetry for Maldev☆437Updated 3 weeks ago
- ☆17Updated 2 months ago
- ☆378Updated 5 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆260Updated last year
- Shellcode IDE — makes developing and analyzing shellcode much more convenient.☆104Updated last week
- Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.☆562Updated 2 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆272Updated last year
- AV/EDR Lab environment setup references to help in Malware development☆412Updated 9 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆249Updated 3 months ago
- Source code for complete MALicious softWARE books I & II☆58Updated last month
- Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv…☆452Updated last month
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆333Updated last year
- Code execution/injection technique using DLL PEB module structure manipulation☆216Updated 5 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆315Updated last year
- ☆122Updated 8 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆276Updated last year
- Process Injection using Thread Name☆281Updated 7 months ago
- Injecting DLL into LSASS at boot☆145Updated 7 months ago
- Windows rootkit designed to work with BYOVD exploits☆211Updated 10 months ago
- ☆407Updated 11 months ago
- MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.☆121Updated 11 months ago
- Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls☆196Updated 3 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆287Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆357Updated last year
- ☆268Updated 2 years ago
- 🧠 The ultimate, community-curated resource for Beacon Object Files (BOFs) — tutorials, how-tos, deep dives, and reference materials.☆91Updated last week