hasherezade / antianalysis_demos
Set of antianalysis techniques found in malware
☆133 · Aug 25, 2023 · Updated 2 years ago
Alternatives and similar repositories for antianalysis_demos
Users that are interested in antianalysis_demos are comparing it to the libraries listed below
- ☆24 · May 28, 2021 · Updated 4 years ago
- Demos of various (also non standard) persistence methods used by malware ☆224 · Mar 5, 2023 · Updated 2 years ago
- A more stealthy variant of "DLL hollowing" ☆363 · Mar 8, 2024 · Updated last year
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints. ☆188 · Apr 22, 2025 · Updated 9 months ago
- A set of small utilities, helpers for PIN tracers ☆36 · Oct 3, 2025 · Updated 4 months ago
- PoC for hiding PE exports ☆67 · Dec 19, 2020 · Updated 5 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path. ☆99 · Jun 24, 2021 · Updated 4 years ago
- Windows x64 Process Scanner to detect application compatibility shims ☆37 · Oct 17, 2018 · Updated 7 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay… ☆228 · Mar 22, 2023 · Updated 2 years ago
- Windows System Programming Experiments ☆223 · Jun 13, 2022 · Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… ☆97 · Sep 26, 2019 · Updated 6 years ago
- Parsers for custom malware formats ("Funky malware formats") ☆98 · Jan 8, 2022 · Updated 4 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/ ☆126 · Sep 19, 2019 · Updated 6 years ago
- hooking KiUserApcDispatcher ☆25 · Apr 3, 2017 · Updated 8 years ago
- A wrapper for capstone for bearparser ☆16 · Oct 8, 2025 · Updated 4 months ago
- Evasive Process Hollowing Techniques ☆142 · Aug 16, 2020 · Updated 5 years ago
- Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo… ☆233 · Mar 18, 2024 · Updated last year
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆581 · Mar 8, 2024 · Updated last year
- PowerLoaderEx - Advanced Code Injection Technique for x32 / x64 ☆382 · Apr 17, 2017 · Updated 8 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure ☆115 · Feb 27, 2021 · Updated 4 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆682 · Mar 11, 2024 · Updated last year
- The Win32 Anti-Intrusion Library ☆213 · May 30, 2019 · Updated 6 years ago
- An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine. ☆314 · Oct 18, 2018 · Updated 7 years ago
- Reflective Polymorphism ☆109 · Jun 29, 2018 · Updated 7 years ago
- Obfuscate specific windows apis with different apis ☆1,021 · Feb 21, 2021 · Updated 4 years ago
- My solutions for random crackmes and other challenges ☆12 · Dec 23, 2019 · Updated 6 years ago
- Various shellcodes ☆13 · Sep 1, 2020 · Updated 5 years ago
- MalUnpack companion driver ☆99 · Jun 17, 2024 · Updated last year
- My implementation of enSilo's Process Doppelganging (PE injection technique) ☆637 · Aug 30, 2022 · Updated 3 years ago
- Hiding the Win API ☆27 · Aug 14, 2019 · Updated 6 years ago
- My experience using Windows API for offensive purposes ☆17 · Jul 10, 2021 · Updated 4 years ago
- Dump mapped PE files from memory to the disk ☆20 · Jun 28, 2019 · Updated 6 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e… ☆292 · Mar 8, 2023 · Updated 2 years ago
- ☆83 · Aug 26, 2024 · Updated last year
- Tutorial on solving a VM based CrackMe. ☆66 · Jul 23, 2020 · Updated 5 years ago
- ☆307 · May 6, 2021 · Updated 4 years ago
- Inline syscalls made easy for windows on clang ☆736 · Jun 21, 2024 · Updated last year
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume ☆110 · Apr 24, 2020 · Updated 5 years ago
- Parser for custom executable formats from Hidden Bee and Rhadamanthys malware ☆58 · Aug 6, 2025 · Updated 6 months ago