hasherezade / mal_unpack
Dynamic unpacker based on PE-sieve
☆650, updated 6 months ago
Related projects:
- A Pin Tool for tracing API calls etc (☆1,268, updated 3 weeks ago)
- Quickly debug shellcode extracted during malware analysis (☆547, updated last year)
- Obfuscate specific windows apis with different apis (☆978, updated 3 years ago)
- My implementation of enSilo's Process Doppelganging (PE injection technique) (☆576, updated 2 years ago)
- PE-bear (builds only) (☆765, updated last year)
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine. (☆678, updated 4 years ago)
- Assortment of hashing algorithms used in malware (☆323, updated 2 months ago)
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs (☆658, updated 6 months ago)
- A Binary Genetic Traits Lexer Framework (☆385, updated 9 months ago)
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen… (☆727, updated 7 months ago)
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… (☆1,081, updated last year)
- AV/EDR evasion via direct system calls. (☆1,772, updated last year)
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. (☆722, updated 2 years ago)
- Malduck is your ducky companion in malware analysis journeys (☆313, updated 3 months ago)
- Windows process injection methods (☆122, updated last year)
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit) (☆785, updated 2 years ago)
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl (☆1,082, updated last week)
- Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into ca… (☆376, updated 2 months ago)
- Original C Implementation of the Hell's Gate VX Technique (☆932, updated 3 years ago)
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… (☆627, updated 6 months ago)
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) (☆568, updated 4 months ago)
- AV/EDR evasion via direct system calls. (☆1,518, updated 2 years ago)
- Portable Executable parsing library (from PE-bear) (☆648, updated 3 weeks ago)
- Enumerate and disable common sources of telemetry used by AV/EDR. (☆760, updated 3 years ago)
- Some of my publicly available Malware analysis and Reverse engineering. (☆745, updated 3 months ago)
- Standard collection of rules for capa: the tool for enumerating the capabilities of programs (☆518, updated this week)
- My notes while studying Windows internals (☆388, updated last week)
- "Screwed Drivers" centralized information source for code references, links, etc. (☆334, updated 4 years ago)
- Time Travel Debugging IDA plugin (☆551, updated 2 months ago)