aelth / dementia-forensicsLinks
Proof of concept memory anti-forensic toolkit designed for hiding various artifacts inside the memory dump during memory acquisition on Microsoft Windows operating system
☆12Updated 6 years ago
Alternatives and similar repositories for dementia-forensics
Users that are interested in dementia-forensics are comparing it to the libraries listed below
Sorting:
- Simple PE Packer Which Encrypts .text Section☆50Updated 8 years ago
- A small library helping to parse commandline parameters (for C/C++)☆58Updated 5 months ago
- A simple rootkit to hide a process☆47Updated 11 years ago
- Sysmon shenanigans☆66Updated 5 years ago
- NT AUTHORITY\SYSTEM☆42Updated 5 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆22Updated 7 years ago
- PoC for hiding PE exports☆67Updated 4 years ago
- Code that can be used as a reference, library, or inspiration for hacking Windows memory.☆53Updated 5 years ago
- Windows GPU rootkit PoC by Team Jellyfish☆37Updated 10 years ago
- ☆17Updated 5 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 10 years ago
- PoC for detecting and dumping process hollowing code injection☆52Updated 7 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 3 years ago
- A set of small utilities, helpers for PIN tracers☆34Updated 3 weeks ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆27Updated 2 years ago
- Malware vulnerability research. Coming soon..☆12Updated 5 years ago
- Dump mapped PE files from memory to the disk☆20Updated 6 years ago
- vmware-backdoor☆33Updated 4 years ago
- Kernel mode windows NT API logger☆22Updated 6 years ago
- Windows x64 Process Scanner to detect application compatability shims☆37Updated 7 years ago
- Neutralize KEPServerEX anti-debugging techniques☆32Updated 2 years ago
- Dodgy reflective DLL injector PoC for 32-bit Windows☆16Updated 7 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆32Updated 6 years ago
- ☆63Updated last year
- ☆18Updated 4 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆63Updated last year
- Archive of ransomware decryptors☆33Updated 7 years ago
- Data and structures regarding the research done on WdFilter☆12Updated 5 years ago
- A collection of anti disassembly techniques☆19Updated 8 years ago
- Blog posts☆29Updated 5 years ago