daddycocoaman / dumpscan
Finding secrets in kernel and user memory
☆115, updated last year
Alternatives and similar repositories for dumpscan:
Users that are interested in dumpscan are comparing it to the libraries listed below
- POC for frustrating/defeating Malware Analysts (☆154, updated 2 years ago)
- Simple EDR implementation to demonstrate bypass (☆171, updated 4 years ago)
- Experiment on reproducing Obfuscate & Sleep (☆142, updated 4 years ago)
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider (☆169, updated 2 years ago)
- Deleting Shadow Copies In Pure C++ (☆114, updated 2 years ago)
- It's pointy and it hurts! (☆124, updated 2 years ago)
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft (☆141, updated 10 months ago)
- Infect Shared Files In Memory for Lateral Movement (☆194, updated 2 years ago)
- Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, from a remote server (fileless) (☆186, updated last year)
- Embedder is a collection of sources in different languages to embed the Python interpreter with minimal dependencies (☆118, updated 9 months ago)
- Detect strange memory regions and DLLs (☆180, updated 3 years ago)
- Evasive Process Hollowing Techniques (☆137, updated 4 years ago)
- Do some DLL SideLoading magic (☆79, updated last year)
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading (☆83, updated 2 years ago)
- RDLL for Cobalt Strike beacon to silence sysmon process (☆87, updated 2 years ago)
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. (☆99, updated 2 years ago)
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… (☆105, updated last month)
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates a YARA scanner. (☆205, updated last year)
- EDRSandblast-GodFault (☆257, updated last year)
- Run Your Payload Without Running Your Payload (☆180, updated 2 years ago)
- Detect EDR's exceptions by inspecting processes' loaded modules (☆130, updated last year)
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17). (☆138, updated 2 years ago)
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind… (☆165, updated last year)
- ETW based POC to identify direct and indirect syscalls (☆181, updated last year)
- This repo will contain the core detection, only for Cobalt Strike's leaked versions. Non-leaked version detections won't be shared (☆90, updated last year)
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged (☆86, updated 2 years ago)