PhrozenIO / PsyloDbg
User-friendly Microsoft Windows Debugger for Malware Analysts.
☆198 · Updated 2 years ago
Alternatives and similar repositories for PsyloDbg
Users that are interested in PsyloDbg are comparing it to the libraries listed below
- Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features. (☆220 · Updated 11 months ago)
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F) (☆123 · Updated last year)
- Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows. (☆124 · Updated 3 years ago)
- Recon 2023 slides and code (☆79 · Updated last year)
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… (☆160 · Updated last month)
- Advanced driver monitoring utility. (☆209 · Updated 2 years ago)
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… (☆116 · Updated 10 months ago)
- (no description) (☆114 · Updated last week)
- A dynamic unpacking tool (☆134 · Updated last year)
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis. (☆114 · Updated 2 years ago)
- Tools and PoCs for Windows syscall investigation. (☆360 · Updated 4 months ago)
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows (☆209 · Updated 2 years ago)
- Patching "signtool.exe" to accept expired certificates for code-signing. (☆275 · Updated 9 months ago)
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard (☆245 · Updated 2 years ago)
- A PE Loader and Windows API tracer. Useful in malware analysis. (☆138 · Updated 2 years ago)
- A collection of small scripts and tools for deobfuscation and malware analysis. (☆66 · Updated 2 years ago)
- MalUnpack companion driver (☆98 · Updated 10 months ago)
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … (☆143 · Updated 9 months ago)
- Admin to Kernel code execution using the KSecDD driver (☆249 · Updated last year)
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… (☆388 · Updated last week)
- My notes while studying Windows exploitation (☆188 · Updated last year)
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level … (☆143 · Updated 2 years ago)
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… (☆293 · Updated last year)
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. (☆279 · Updated 7 months ago)
- A small x64 library to load DLLs into memory. (☆437 · Updated last year)
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. (☆285 · Updated last year)
- Various Process Injection Techniques (☆148 · Updated 2 years ago)
- Yet another variant of Process Hollowing (☆392 · Updated 3 months ago)
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti… (☆301 · Updated last year)
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. (☆228 · Updated last year)