daddycocoaman / dumpscan
Finding secrets in kernel and user memory
☆115Updated last year
Alternatives and similar repositories for dumpscan:
Users that are interested in dumpscan are comparing it to the libraries listed below
- ☆113Updated last year
- ☆112Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆153Updated 2 years ago
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- Do some DLL SideLoading magic☆79Updated last year
- ☆135Updated 2 years ago
- ☆134Updated last year
- ☆78Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆186Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆205Updated last year
- EDRSandblast-GodFault☆250Updated last year
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆90Updated last year
- ☆148Updated 3 months ago
- ☆214Updated 2 years ago
- Detect strange memory regions and DLLs☆180Updated 3 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆165Updated last year
- ETW based POC to identify direct and indirect syscalls☆180Updated last year
- Experiment on reproducing Obfuscate & Sleep☆141Updated 4 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆169Updated 2 years ago
- Simple EDR implementation to demonstrate bypass☆169Updated 4 years ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆111Updated last year
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆203Updated 2 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆87Updated 2 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆83Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆147Updated last year
- Beacon Object File Loader☆282Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆308Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆122Updated 2 years ago
- ☆182Updated 2 years ago