PhrozenIO / PsyloDbg
User-friendly Microsoft Windows Debugger for Malware Analysts.
☆190 · Updated 2 years ago
Alternatives and similar repositories for PsyloDbg:
Users who are interested in PsyloDbg are comparing it to the repositories listed below.
- Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features. ☆188 · Updated 7 months ago
- Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows. ☆116 · Updated 3 years ago
- Advanced driver monitoring utility. ☆202 · Updated 2 years ago
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F). ☆116 · Updated last year
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆269 · Updated 3 months ago
- Recon 2023 slides and code. ☆79 · Updated last year
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. ☆200 · Updated 2 years ago
- My notes while studying Windows exploitation. ☆184 · Updated last year
- A dynamic unpacking tool. ☆130 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆114 · Updated 6 months ago
- Tools and PoCs for Windows syscall investigation. ☆356 · Updated last week
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆227 · Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. ☆198 · Updated last year
- Patching "signtool.exe" to accept expired certificates for code-signing. ☆275 · Updated 5 months ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis. ☆115 · Updated last year
- A tutorial on how to write a packer for Windows! ☆251 · Updated last year
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess). ☆460 · Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver. ☆246 · Updated 9 months ago
- Generate a proxy dll for arbitrary dll. ☆158 · Updated 3 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… ☆294 · Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆147 · Updated last week
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆330 · Updated 7 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard. ☆243 · Updated 2 years ago
- TartarusGate, Bypassing EDRs. ☆557 · Updated 2 years ago
- Important notes and topics on my journey towards mastering Windows Internals. ☆357 · Updated 8 months ago
- Advanced static analysis tool. ☆86 · Updated last month
- An automatic unpacker and logger for DotNet Framework targeting files. ☆250 · Updated last year
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level … ☆133 · Updated 2 years ago
- A PE Loader and Windows API tracer. Useful in malware analysis. ☆138 · Updated 2 years ago