hasherezade / pe_unmapper

Related projects ⓘ

Alternatives and complementary repositories for pe_unmapper

• Dump-GUY / IDA_PHNT_TYPES
  Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
  ☆115Updated 2 months ago
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆100Updated last year
• xenoscr / manual-syscall-detect
  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
  ☆105Updated 2 years ago
• ergrelet / themida-unmutate
  Static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
  ☆226Updated 3 months ago
• zer0condition / Demystifying-PatchGuard
  Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…
  ☆106Updated last year
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆237Updated 2 years ago
• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆110Updated 4 months ago
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆70Updated last year
• WithSecureLabs / GarbageMan
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
  ☆114Updated last year
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆148Updated 10 months ago
• MahmoudZohdy / Process-Injection-Techniques
  Various Process Injection Techniques
  ☆143Updated 2 years ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆84Updated last year
• carlos-al / user-kernel-syscall-hook
  ☆82Updated 5 months ago
• KasperskyLab / hrtng
  IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformati…
  ☆126Updated 2 weeks ago
• eversinc33 / unKover
  PoC Anti-Rootkit/Anti-Cheat Driver.
  ☆160Updated 2 months ago
• jk45054 / CTF-writeups
  Writeups for CTF challenges
  ☆30Updated last year
• PI-Defender / pi-defender
  Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.
  ☆148Updated 2 years ago
• realoriginal / blacklotus
  A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.
  ☆85Updated last year
• zer0condition / ZeroHVCI
  Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…
  ☆178Updated 3 weeks ago
• 4l3x777 / dse_pg_bypass
  DSE & PG bypass via BYOVD attack
  ☆37Updated 7 months ago
• VoidSec / ioctlpus
  IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).
  ☆85Updated 2 years ago
• pathtofile / PPLRunner
  Run Processes as PPL with ELAM
  ☆146Updated 2 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆88Updated 5 months ago
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆169Updated last year
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆261Updated last month
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆236Updated 7 months ago
• AzzOnFire / emuit
  Easy-to-use IDA plugin for code emulation
  ☆25Updated 6 months ago
• 0mWindyBug / RansomGuard
  anti-ransomware file-system filter
  ☆48Updated 2 months ago
• hfiref0x / WubbabooMark
  Debugger Anti-Detection Benchmark
  ☆291Updated 11 months ago
• kkent030315 / NtSymbol
  Resolve DOS MZ executable symbols at runtime
  ☆93Updated 3 years ago