axcheron / pycave
Simple tool to find code caves in Portable Executable (PE) files.
☆23Updated 6 years ago
Alternatives and similar repositories for pycave:
Users that are interested in pycave are comparing it to the libraries listed below
- Small visualizator for PE files☆67Updated last year
- A C++ POC for process injection using NtCreateSectrion, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes…☆43Updated 3 years ago
- Windows kernel PDB data parsed into YAML☆36Updated 4 months ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- A tool to create COM class/interface relationships in neo4j☆48Updated 2 years ago
- Recreating and reviewing the Windows persistence methods☆38Updated 3 years ago
- A DLL that serves OutputDebugString content over a TCP connection☆35Updated 3 years ago
- PE File Blessing - To continue or not to continue☆86Updated 5 years ago
- ☆10Updated 4 years ago
- Winbindex bot to pull in binaries for specific releases☆47Updated last year
- Generates YARA rules to detect malware using API hashing☆17Updated 4 years ago
- Converts exported results of CAPA tool from .json format to another formats supporting by different tools.☆22Updated 3 years ago
- Inject .Net payloads into other .Net assemblies on disk☆61Updated 5 years ago
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…☆41Updated 5 years ago
- A C port of b33f's UrbanBishop☆38Updated 4 years ago
- This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on th…☆15Updated 3 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast …☆39Updated 4 years ago
- Antivirus Emulator Fingerprints☆28Updated 6 years ago
- In 'n Out - See what goes in and comes out of PEs☆34Updated 2 years ago
- .NET deobfuscator and unpacker (with a control flow unflattener for DoubleZero added).☆29Updated 2 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely☆38Updated 5 years ago
- Extract data of TTD trace file to a minidump☆28Updated last year
- ☆16Updated 3 years ago
- Windows x64 Process Scanner to detect application compatability shims☆37Updated 6 years ago
- The repository accompanying the Buer Emulation workshop☆24Updated 3 years ago
- Tools for playing w/ CobaltStrike config - extractin, detection, processing, etc...☆27Updated last year
- ☆23Updated 4 years ago
- Crystal Anti-Exploit Protection 2012☆37Updated 4 years ago
- Bare template for a Kernel Mode Driver☆51Updated 5 years ago