aelth / dementia-forensicsLinks
Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on Microsoft Windows operating system
☆11Updated 5 years ago
Alternatives and similar repositories for dementia-forensics
Users that are interested in dementia-forensics are comparing it to the libraries listed below
Sorting:
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 7 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆43Updated 8 months ago
- A small library helping to parse commandline parameters (for C/C++)☆57Updated last week
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- ☆18Updated 4 years ago
- ☆16Updated 5 years ago
- Data and structures regarding the research done on WdFilter☆12Updated 5 years ago
- ☆15Updated 4 years ago
- ☆13Updated 4 years ago
- ☆22Updated 4 years ago
- A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface☆16Updated 5 years ago
- NT AUTHORITY\SYSTEM☆39Updated 4 years ago
- Windows GPU rootkit PoC by Team Jellyfish☆35Updated 10 years ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- Blog posts☆30Updated 4 years ago
- Kernel mode windows NT API logger☆22Updated 5 years ago
- Process Hollowing Detection on a live system☆13Updated 7 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆33Updated 3 years ago
- vmware-backdoor☆33Updated 3 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆29Updated 3 years ago
- Rekall Memory Forensic Framework☆32Updated 5 years ago
- Python 3 - Manipulation and conversation with different data type (Bytes operations)☆26Updated 3 years ago
- ☆31Updated 4 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆33Updated 5 years ago
- Class implementation of PowerLoader injection technique☆31Updated 8 years ago
- A POC for Windows Extension Host hooking☆22Updated 5 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- ☆7Updated 5 years ago
- Manually perform syscalls without going through any external API or DLL.☆18Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year