Official implementation for the paper "On deceiving malware classification with section injection"
☆36Aug 16, 2022Updated 3 years ago
Alternatives and similar repositories for malware-injection
Users that are interested in malware-injection are comparing it to the libraries listed below
Sorting:
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve.☆20Apr 11, 2014Updated 11 years ago
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec…☆21Sep 6, 2022Updated 3 years ago
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM☆20Jul 19, 2025Updated 7 months ago
- A script made to validate numerous cryptographic-related vulnerabilities such as: Heartbleed, Logjam, CRIME,POODLE, DROWN, Weak Cipher Su…☆19Jul 25, 2016Updated 9 years ago
- Remote code execution in Power Platform connectors via JSON deserialization☆23Mar 30, 2023Updated 2 years ago
- Injection of MSIL using Cecil☆12Jul 28, 2015Updated 10 years ago
- A fork of https://github.com/SafeBreach-Labs/pinjectra with a practical implementation of Stack Bombing☆29Oct 22, 2020Updated 5 years ago
- A custom SentinelOne USB scanner.☆18Mar 26, 2022Updated 3 years ago
- ☆12Apr 7, 2022Updated 3 years ago
- Ghidra script which fully parses COFF files☆12Oct 18, 2024Updated last year
- GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.☆11Nov 24, 2023Updated 2 years ago
- Etwti-UnhookPOC just for test☆12Aug 23, 2022Updated 3 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Dec 16, 2021Updated 4 years ago
- Click Once + App Domain☆64Feb 23, 2026Updated last week
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆59Dec 15, 2023Updated 2 years ago
- .NET Project for performing Authenticated Remote Execution☆12Nov 22, 2023Updated 2 years ago
- single-threaded event driven sleep obfuscation poc for linux☆38Jun 14, 2025Updated 8 months ago
- A service container for interacting with SRA's VECTR☆16Apr 9, 2025Updated 10 months ago
- Timestomping module: overwrite file create/modify times in .NET (no pinvoke)☆27Dec 13, 2021Updated 4 years ago
- named pipe server with impersonation☆59May 11, 2019Updated 6 years ago
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Slide decks and/or materials from conference presentations☆56Nov 15, 2022Updated 3 years ago
- Reverse Engineering and Debugging Malware☆32Feb 27, 2023Updated 3 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Feb 11, 2024Updated 2 years ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆13Jan 15, 2025Updated last year
- ☆57Apr 19, 2023Updated 2 years ago
- An attempt to detect malware using Opcodes and Hexadecimal Instructions.☆32Sep 6, 2021Updated 4 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆70Jun 25, 2024Updated last year
- POCs to test Vlang in cybersecurity aspects.☆37Dec 29, 2022Updated 3 years ago
- External C2 Using IE COM Objects☆101Feb 24, 2019Updated 7 years ago
- Incremental Machine Leaning by example - Detecting suspicious activity in real time with Zeek data streams, River and JA3 hashes☆16Aug 10, 2022Updated 3 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 3 years ago