aelth / dementia-forensicsLinks
Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on Microsoft Windows operating system
☆12Updated 5 years ago
Alternatives and similar repositories for dementia-forensics
Users that are interested in dementia-forensics are comparing it to the libraries listed below
Sorting:
- ☆18Updated 4 years ago
- Windows GPU rootkit PoC by Team Jellyfish☆35Updated 10 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 7 years ago
- NT AUTHORITY\SYSTEM☆38Updated 4 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆43Updated 9 months ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆34Updated 3 years ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆37Updated last year
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Rekall Memory Forensic Framework☆32Updated 5 years ago
- ☆15Updated 4 years ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.☆15Updated last year
- With this RunPE you can easily inject your payload in any x86 or x64 program.☆14Updated 6 years ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- Manually perform syscalls without going through any external API or DLL.☆18Updated 2 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆71Updated 4 years ago
- Data and structures regarding the research done on WdFilter☆12Updated 5 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆34Updated 3 years ago
- ☆16Updated 5 years ago
- ☆29Updated 3 years ago
- allowing um r/w through km from um ioctl ™☆11Updated 3 years ago
- Listing UDP connections with remote address without sniffing.☆29Updated last year
- vmware-backdoor☆33Updated 3 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- Simple PE Packer Which Encrypts .text Section☆51Updated 8 years ago
- Class implementation of PowerLoader injection technique☆31Updated 8 years ago
- ☆13Updated 4 years ago
- A small library helping to parse commandline parameters (for C/C++)☆57Updated last month
- UEFI bootkit: Hardware Implant. In-Progress☆16Updated 3 years ago