Alternatives and similar repositories for antianalysis_demos

Users that are interested in antianalysis_demos are comparing it to the libraries listed below

• passthehashbrowns / hook-integrity-checks

  View on GitHub
  ☆24May 28, 2021Updated 4 years ago
• hasherezade / persistence_demos

  View on GitHub
  Demos of various (also non standard) persistence methods used by malware
  ☆224Mar 5, 2023Updated 2 years ago
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆363Mar 8, 2024Updated last year
• hasherezade / masm_shc

  View on GitHub
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆188Apr 22, 2025Updated 9 months ago
• hasherezade / pe_utils

  View on GitHub
  A set of small utilities, helpers for PIN tracers
  ☆36Oct 3, 2025Updated 4 months ago
• redplait / pexphide

  View on GitHub
  PoC for hiding PE exports
  ☆67Dec 19, 2020Updated 5 years ago
• hasherezade / process_chameleon

  View on GitHub
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆99Jun 24, 2021Updated 4 years ago
• securesean / Shim-Process-Scanner

  View on GitHub
  Windows x64 Process Scanner to detect application compatability shims
  ☆37Oct 17, 2018Updated 7 years ago
• hasherezade / chimera_pe

  View on GitHub
  ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…
  ☆228Mar 22, 2023Updated 2 years ago
• am0nsec / wspe

  View on GitHub
  Windows System Programming Experiments
  ☆223Jun 13, 2022Updated 3 years ago
• jackullrich / TRunPE

  View on GitHub
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆97Sep 26, 2019Updated 6 years ago
• hasherezade / funky_malware_formats

  View on GitHub
  Parsers for custom malware formats ("Funky malware formats")
  ☆98Jan 8, 2022Updated 4 years ago
• WithSecureLabs / ModuleStomping

  View on GitHub
  https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
  ☆126Sep 19, 2019Updated 6 years ago
• blaquee / APCHook

  View on GitHub
  hooking KiUserApcDispatcher
  ☆25Apr 3, 2017Updated 8 years ago
• hasherezade / beardisasm

  View on GitHub
  A wrapper for capstone for bearparser
  ☆16Oct 8, 2025Updated 4 months ago
• reevesrs24 / EvasiveProcessHollowing

  View on GitHub
  Evasive Process Hollowing Techniques
  ☆142Aug 16, 2020Updated 5 years ago
• forrest-orr / artifacts-kit

  View on GitHub
  Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…
  ☆233Mar 18, 2024Updated last year
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆581Mar 8, 2024Updated last year
• BreakingMalware / PowerLoaderEx

  View on GitHub
  PowerLoaderEx - Advanced Code Injection Technique for x32 / x64
  ☆382Apr 17, 2017Updated 8 years ago
• LloydLabs / dearg-thread-ipc-stealth

  View on GitHub
  A novel technique to communicate between threads using the standard ETHREAD structure
  ☆115Feb 27, 2021Updated 4 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• HoShiMin / Avanguard

  View on GitHub
  The Win32 Anti-Intrusion Library
  ☆213May 30, 2019Updated 6 years ago
• nickcano / RelocBonus

  View on GitHub
  An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
  ☆314Oct 18, 2018Updated 7 years ago
• zeroSteiner / reflective-polymorphism

  View on GitHub
  Reflective Polymorphism
  ☆109Jun 29, 2018Updated 7 years ago
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,021Feb 21, 2021Updated 4 years ago
• hasherezade / challs

  View on GitHub
  My solutions for random crackmes and other challenges
  ☆12Dec 23, 2019Updated 6 years ago
• connormcgarr / Shellcode

  View on GitHub
  Various shellcodes
  ☆13Sep 1, 2020Updated 5 years ago
• hasherezade / mal_unpack_drv

  View on GitHub
  MalUnpack companion driver
  ☆99Jun 17, 2024Updated last year
• hasherezade / process_doppelganging

  View on GitHub
  My implementation of enSilo's Process Doppelganging (PE injection technique)
  ☆637Aug 30, 2022Updated 3 years ago
• XShar / Win_API_Obfuscation

  View on GitHub
  Скрытие Win API
  ☆27Aug 14, 2019Updated 6 years ago
• AvivShabtay / OffensiveWinAPI

  View on GitHub
  My experience using Windows API for offensive purposes
  ☆17Jul 10, 2021Updated 4 years ago
• d35ha / DumpPE

  View on GitHub
  Dump mapped PE files from memory to the disk
  ☆20Jun 28, 2019Updated 6 years ago
• boku7 / HOLLOW

  View on GitHub
  EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…
  ☆292Mar 8, 2023Updated 2 years ago
• LloydLabs / process-enumeration-stealth

  View on GitHub
  ☆83Aug 26, 2024Updated last year
• mike1k / solving-vm-crackme-1

  View on GitHub
  Tutorial on solving a VM based CrackMe.
  ☆66Jul 23, 2020Updated 5 years ago
• rajiv2790 / FalconEye

  View on GitHub
  ☆307May 6, 2021Updated 4 years ago
• JustasMasiulis / inline_syscall

  View on GitHub
  Inline syscalls made easy for windows on clang
  ☆736Jun 21, 2024Updated last year
• yardenshafir / SymlinkCallback

  View on GitHub
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆110Apr 24, 2020Updated 5 years ago
• hasherezade / hidden_bee_tools

  View on GitHub
  Parser for a custom executable formats from Hidden Bee and Rhadamanthys malware
  ☆58Aug 6, 2025Updated 6 months ago