aelth / dementia-forensicsLinks
Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on Microsoft Windows operating system
☆12Updated 6 years ago
Alternatives and similar repositories for dementia-forensics
Users that are interested in dementia-forensics are comparing it to the libraries listed below
Sorting:
- Parser for a custom executable formats from Hidden Bee and Rhadamanthys malware☆56Updated last month
- A simple rootkit to hide a process☆47Updated 11 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆22Updated 7 years ago
- Sysmon shenanigans☆66Updated 4 years ago
- A small library helping to parse commandline parameters (for C/C++)☆58Updated 4 months ago
- A set of small utilities, helpers for PIN tracers☆33Updated last year
- NT AUTHORITY\SYSTEM☆39Updated 5 years ago
- Neutralize KEPServerEX anti-debugging techniques☆32Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 3 years ago
- Windows GPU rootkit PoC by Team Jellyfish☆37Updated 10 years ago
- Code that can be used as a reference, library, or inspiration for hacking Windows memory.☆53Updated 5 years ago
- Blog posts☆30Updated 5 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 10 years ago
- PoC for hiding PE exports☆67Updated 4 years ago
- PoC for detecting and dumping process hollowing code injection☆52Updated 6 years ago
- Simple PE Packer Which Encrypts .text Section☆50Updated 8 years ago
- ☆17Updated 5 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆27Updated 2 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆74Updated 4 years ago
- Exploits I've authored☆60Updated 6 years ago
- Small visualizator for PE files☆70Updated 2 years ago
- ☆18Updated 4 years ago
- An IDA plugin to deal with Event Tracing for Windows (ETW)☆55Updated 3 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆62Updated last year
- Exploits pack for the Windows Kernel mode driver HackSysExtremeVulnerableDriver written for educational purposes.☆66Updated 3 years ago
- Ammyy v3 Source Code leak , with ❤️ <3☆40Updated 8 years ago
- Windows kernel PDB data parsed into YAML☆41Updated 10 months ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆33Updated 6 years ago
- SoulExtraction is a windows driver library for extracting cert information in windows drivers☆24Updated 2 years ago
- A ready-made template for a project based on libpeconv.☆49Updated 7 months ago