ashemery / REDM
Reverse Engineering and Debugging Malware
☆30Updated 2 years ago
Alternatives and similar repositories for REDM:
Users that are interested in REDM are comparing it to the libraries listed below
- ☆27Updated 5 months ago
- Repo containing my public talks☆23Updated last year
- MITRE TTPs derived from Conti's leaked playbooks from XSS.IS☆37Updated 3 years ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆40Updated 7 months ago
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis …☆36Updated 2 months ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆82Updated last year
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes.☆62Updated last year
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆62Updated 2 years ago
- Golang bindings for PE-sieve☆43Updated last year
- ☆45Updated last year
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆62Updated 3 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- A PoC for achieving persistence via push notifications on Windows☆46Updated last year
- IAT Unhooking proof-of-concept☆29Updated last year
- General malware analysis stuff☆36Updated 8 months ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆55Updated 2 years ago
- Slide decks and/or materials from conference presentations☆56Updated 2 years ago
- ☆20Updated last year
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation☆31Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆81Updated 2 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆66Updated 10 months ago
- quASAR: ASAR manipulation made easy☆37Updated 2 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Updated 3 years ago
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL☆21Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 9 months ago
- ☆38Updated 2 years ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆52Updated 11 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated 9 months ago
- ☆22Updated 11 months ago