hasherezade / hollows_hunterLinks
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
☆2,237Updated 3 weeks ago
Alternatives and similar repositories for hollows_hunter
Users that are interested in hollows_hunter are comparing it to the libraries listed below
Sorting:
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,450Updated 3 weeks ago
- AV/EDR evasion via direct system calls.☆1,930Updated 2 years ago
- Windows kernel and user mode emulation.☆1,760Updated 6 months ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in…☆1,160Updated 2 years ago
- PE-bear (builds only)☆782Updated 2 years ago
- A Pin Tool for tracing API calls etc☆1,539Updated 3 weeks ago
- Dynamic unpacker based on PE-sieve☆768Updated 3 weeks ago
- DRAKVUF Sandbox - automated hypervisor-level malware analysis system☆1,205Updated last week
- ☆2,147Updated 2 years ago
- Identifies the bytes that Microsoft Defender flags on.☆2,516Updated 2 years ago
- Collaborative Malware Analysis Platform at Scale☆763Updated last week
- A post exploitation framework designed to operate covertly on heavily monitored environments☆2,155Updated 4 years ago
- FakeNet-NG - Next Generation Dynamic Network Analysis Tool☆2,006Updated last month
- AV/EDR evasion via direct system calls.☆1,737Updated 3 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆822Updated 3 years ago
- Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode☆2,404Updated last year
- Living Off The Land Drivers☆1,295Updated 2 weeks ago
- Converts PE into a shellcode☆2,655Updated last month
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆708Updated 5 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,553Updated 4 years ago
- ☆822Updated 5 years ago
- ☆1,719Updated last year
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs☆634Updated last week
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,719Updated last week
- Open-Source Shellcode & PE Packer☆2,000Updated last year
- Process Hollowing (Malware Technique)☆1,354Updated this week
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆4,212Updated 2 months ago
- The multi-platform memory acquisition tool.☆845Updated 3 months ago
- C/C++ source obfuscator for antivirus bypass☆1,051Updated 3 years ago
- Noriben - Portable, Simple, Malware Analysis Sandbox☆1,197Updated last month