daddycocoaman / dumpscan
Finding secrets in kernel and user memory
☆116 · Updated last year
Alternatives and similar repositories for dumpscan
Users who are interested in dumpscan are comparing it to the repositories listed below.
- POC for frustrating/defeating malware analysts ☆154 · Updated 3 years ago
- Simple EDR implementation to demonstrate bypass ☆173 · Updated 5 years ago
- Deleting Shadow Copies in pure C++ ☆114 · Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence the Sysmon process ☆88 · Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep ☆145 · Updated 4 years ago
- Detect strange memory regions and DLLs ☆184 · Updated 3 years ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… ☆106 · Updated 4 months ago
- EDRSandblast-GodFault ☆266 · Updated last year
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆314 · Updated last year
- Exploitation of process-killer drivers ☆201 · Updated last year
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged ☆86 · Updated 2 years ago
- Evasive process hollowing techniques ☆141 · Updated 4 years ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆213 · Updated 2 years ago
- Detect EDR exceptions by inspecting processes' loaded modules ☆130 · Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆123 · Updated 2 years ago
- It's pointy and it hurts! ☆126 · Updated 2 years ago
- This project is an implant framework designed for long-term persistent access to Windows machines. ☆110 · Updated last year
- ETW-based POC to identify direct and indirect syscalls ☆187 · Updated 2 years ago
- Identify and exploit leaked handles for local privilege escalation. ☆108 · Updated 2 years ago
- An automation plugin for the Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆116 · Updated 11 months ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. ☆101 · Updated 3 years ago
- This repo will contain the core detection, only for Cobalt Strike's leaked versions. Detections for non-leaked versions won't be shared. ☆89 · Updated last year
- Beacon Object File loader ☆287 · Updated last year
- Simple EDR that injects a DLL into a process to place a hook on specific Windows APIs ☆93 · Updated last year