hasherezade/antianalysis_demos external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

hasherezade/antianalysis_demos

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hasherezade/antianalysis_demos)

Close

hasherezade / antianalysis_demosView on GitHubMore

• External links
• Readme badge

Set of antianalysis techniques found in malware

☆133Aug 25, 2023Updated 2 years ago

Alternatives and similar repositories for antianalysis_demos

Users that are interested in antianalysis_demos are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• passthehashbrowns / hook-integrity-checks

  View on GitHub
  ☆23May 28, 2021Updated 4 years ago
• hasherezade / pe_utils

  View on GitHub
  A set of small utilities, helpers for PIN tracers
  ☆39Feb 15, 2026Updated last month
• hasherezade / beardisasm

  View on GitHub
  A wrapper for capstone for bearparser
  ☆16Oct 8, 2025Updated 5 months ago
• hasherezade / persistence_demos

  View on GitHub
  Demos of various (also non standard) persistence methods used by malware
  ☆224Mar 5, 2023Updated 3 years ago
• hasherezade / process_chameleon

  View on GitHub
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆100Jun 24, 2021Updated 4 years ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆364Mar 8, 2024Updated 2 years ago
• hasherezade / masm_shc

  View on GitHub
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆187Apr 22, 2025Updated 11 months ago
• jackullrich / TRunPE

  View on GitHub
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆97Sep 26, 2019Updated 6 years ago
• hasherezade / funky_malware_formats

  View on GitHub
  Parsers for custom malware formats ("Funky malware formats")
  ☆98Jan 8, 2022Updated 4 years ago
• securesean / Shim-Process-Scanner

  View on GitHub
  Windows x64 Process Scanner to detect application compatability shims
  ☆37Oct 17, 2018Updated 7 years ago
• hasherezade / challs

  View on GitHub
  My solutions for random crackmes and other challenges
  ☆12Dec 23, 2019Updated 6 years ago
• redplait / pexphide

  View on GitHub
  PoC for hiding PE exports
  ☆67Dec 19, 2020Updated 5 years ago
• hasherezade / chimera_pe

  View on GitHub
  ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…
  ☆230Mar 22, 2023Updated 3 years ago
• blaquee / APCHook

  View on GitHub
  hooking KiUserApcDispatcher
  ☆27Apr 3, 2017Updated 8 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• hasherezade / tag_converter

  View on GitHub
  ☆23Feb 3, 2021Updated 5 years ago
• WithSecureLabs / ModuleStomping

  View on GitHub
  https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
  ☆126Sep 19, 2019Updated 6 years ago
• am0nsec / wspe

  View on GitHub
  Windows System Programming Experiments
  ☆221Jun 13, 2022Updated 3 years ago
• forrest-orr / artifacts-kit

  View on GitHub
  Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…
  ☆232Mar 18, 2024Updated 2 years ago
• hasherezade / paramkit

  View on GitHub
  A small library helping to parse commandline parameters (for C/C++)
  ☆57May 25, 2025Updated 10 months ago
• connormcgarr / Shellcode

  View on GitHub
  Various shellcodes
  ☆12Sep 1, 2020Updated 5 years ago
• reevesrs24 / EvasiveProcessHollowing

  View on GitHub
  Evasive Process Hollowing Techniques
  ☆142Aug 16, 2020Updated 5 years ago
• hasherezade / 7ev3n_decoders

  View on GitHub
  Decoders for 7ev3n ransomware
  ☆17Oct 24, 2016Updated 9 years ago
• nickcano / RelocBonus

  View on GitHub
  An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
  ☆314Oct 18, 2018Updated 7 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• zeroSteiner / reflective-polymorphism

  View on GitHub
  Reflective Polymorphism
  ☆109Jun 29, 2018Updated 7 years ago
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,024Feb 21, 2021Updated 5 years ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆580Mar 8, 2024Updated 2 years ago
• LloydLabs / dearg-thread-ipc-stealth

  View on GitHub
  A novel technique to communicate between threads using the standard ETHREAD structure
  ☆116Feb 27, 2021Updated 5 years ago
• hasherezade / hidden_bee_tools

  View on GitHub
  Parser for a custom executable formats from Hidden Bee and Rhadamanthys malware
  ☆58Aug 6, 2025Updated 7 months ago
• hasherezade / process_doppelganging

  View on GitHub
  My implementation of enSilo's Process Doppelganging (PE injection technique)
  ☆641Aug 30, 2022Updated 3 years ago
• boku7 / HOLLOW

  View on GitHub
  EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…
  ☆290Mar 8, 2023Updated 3 years ago
• hasherezade / loaderine

  View on GitHub
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆22Apr 13, 2018Updated 7 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆688Mar 11, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• d35ha / RunPE

  View on GitHub
  An example of PE hollowing injection technique
  ☆26Jun 28, 2019Updated 6 years ago
• HoShiMin / Avanguard

  View on GitHub
  The Win32 Anti-Intrusion Library
  ☆213May 30, 2019Updated 6 years ago
• TRIKbranch / RunPE-X86--X64-

  View on GitHub
  With this RunPE you can easily inject your payload in any x86 or x64 program.
  ☆15Jun 3, 2019Updated 6 years ago
• AvivShabtay / OffensiveWinAPI

  View on GitHub
  My experience using Windows API for offensive purposes
  ☆17Jul 10, 2021Updated 4 years ago
• LloydLabs / process-enumeration-stealth

  View on GitHub
  ☆84Aug 26, 2024Updated last year
• hasherezade / libpeconv_tpl

  View on GitHub
  A ready-made template for a project based on libpeconv.
  ☆52Oct 31, 2025Updated 4 months ago
• rajiv2790 / FalconEye

  View on GitHub
  ☆307May 6, 2021Updated 4 years ago