PACHAKUTlQ / ThreatCheck
A malware-analysis tool that identifies the exact position and details of malicious content in binary files using external Anti-Virus scanners. Supports all AV scanners.
☆32 · Updated last year
Alternatives and similar repositories for ThreatCheck
Users interested in ThreatCheck are comparing it to the repositories listed below.
- (no description) ☆86 · Updated 2 years ago
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t… ☆99 · Updated 7 months ago
- A simple Sleepmask BOF example ☆132 · Updated 2 months ago
- XOR decrypting shellcode using the GPU with OpenCL. ☆109 · Updated 2 months ago
- Generic PE loader for fast prototyping evasion techniques ☆233 · Updated last year
- bring your own vulnerable driver ☆102 · Updated 2 years ago
- Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique ☆72 · Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆273 · Updated last year
- Template-based generation of shellcode loaders ☆78 · Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆130 · Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. ☆91 · Updated last year
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique ☆228 · Updated 2 years ago
- different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆194 · Updated 2 years ago
- TypeLib persistence technique ☆119 · Updated 9 months ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution ☆188 · Updated 2 months ago
- Exploitation of echo_driver.sys ☆170 · Updated last year
- ApexLdr is a DLL Payload Loader written in C ☆111 · Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ☆173 · Updated 2 years ago
- Bypass LSA protection using the BYODLL technique ☆167 · Updated 10 months ago
- This repository implements Threadless Injection in C ☆169 · Updated last year
- Reflective DLL Injection Made Bella ☆232 · Updated 7 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆162 · Updated last year
- Exploitation of process killer drivers ☆202 · Updated last year
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆168 · Updated 5 months ago
- Shellcode loader ☆91 · Updated 8 months ago
- abusing Process Hacker driver to terminate other processes (BYOVD) ☆83 · Updated 2 years ago
- Execute shellcode files with rundll32 ☆206 · Updated last year
- A COFF Loader written in Rust ☆118 · Updated 3 weeks ago
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible ☆234 · Updated last month
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆86 · Updated 2 years ago