d4rksystem / VMwareCloak
A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis.
☆340Updated 2 months ago
Alternatives and similar repositories for VMwareCloak:
Users that are interested in VMwareCloak are comparing it to the libraries listed below
- A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to …☆289Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆158Updated last month
- Dynamic unpacker based on PE-sieve☆718Updated 2 weeks ago
- Signtool for expired certificates☆473Updated last year
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆736Updated last year
- Living Off The Land Drivers☆1,140Updated last week
- A ProcessMonitor visualization application written in rust.☆177Updated last year
- A GUI and CLI tool for removing bloat from executables☆387Updated 2 months ago
- Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.☆171Updated last week
- PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs…☆178Updated 11 months ago
- An automatic unpacker and logger for DotNet Framework targeting files☆252Updated last year
- Assortment of hashing algorithms used in malware☆352Updated 3 weeks ago
- ☆570Updated 4 months ago
- Deobfuscate batch scripts obfuscated using string substitution and escape character techniques.☆157Updated 2 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆387Updated 2 weeks ago
- A small x64 library to load dll's into memory.☆436Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆633Updated 2 years ago
- ☆488Updated last year
- Repository of Yara Rules☆103Updated last month
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.☆638Updated last year
- PoCs and tools for investigation of Windows process execution techniques☆912Updated 2 weeks ago
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools☆1,076Updated last year
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆488Updated 2 years ago
- Because AV evasion should be easy.☆681Updated 4 months ago
- Important notes and topics on my journey towards mastering Windows Internals☆374Updated 11 months ago
- Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.☆216Updated 9 months ago
- Sleep Obfuscation☆735Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆753Updated 8 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆527Updated 3 weeks ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆609Updated 3 weeks ago