daddycocoaman / dumpscan
Finding secrets in kernel and user memory
☆114, updated last year
Alternatives and similar repositories for dumpscan:
Users that are interested in dumpscan are comparing it to the libraries listed below
- ☆112, updated 2 years ago
- POC for frustrating/defeating Malware Analysts (☆154, updated 2 years ago)
- Detect strange memory regions and DLLs (☆177, updated 3 years ago)
- ☆134, updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep (☆141, updated 3 years ago)
- Simple EDR implementation to demonstrate bypass (☆166, updated 4 years ago)
- Evasive Process Hollowing Techniques (☆136, updated 4 years ago)
- It's pointy and it hurts! (☆123, updated 2 years ago)
- EDRSandblast-GodFault (☆250, updated last year)
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider (☆169, updated 2 years ago)
- ☆134, updated last year
- Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, from a remote server (fileless) (☆185, updated last year)
- Deleting Shadow Copies In Pure C++ (☆114, updated 2 years ago)
- RDLL for Cobalt Strike beacon to silence sysmon process (☆87, updated 2 years ago)
- ☆112, updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space (☆122, updated 2 years ago)
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged (☆86, updated 2 years ago)
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, and binary data, and incorporates a YARA scanner (☆204, updated last year)
- A fake AMSI Provider which can be used for persistence (☆147, updated 3 years ago)
- Do some DLL SideLoading magic (☆78, updated last year)
- Exploitation of process killer drivers (☆196, updated last year)
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… (☆165, updated last year)
- ETW based POC to identify direct and indirect syscalls (☆180, updated last year)
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code (☆99, updated 2 years ago)
- Hookers are cooler than patches. (☆168, updated 3 years ago)
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… (☆105, updated 2 weeks ago)
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading (☆83, updated 2 years ago)
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms (☆115, updated 2 years ago)
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem… (☆111, updated last year)
- ☆214, updated 2 years ago