herrcore / CmdDesktopSwitch
CmdDesktopSwitch is a small utility that lists all windows desktops and provides the option to switch between them. This can be used to identify and watch malware that has created a hidden desktop.
☆34Updated 8 years ago
Alternatives and similar repositories for CmdDesktopSwitch:
Users that are interested in CmdDesktopSwitch are comparing it to the libraries listed below
- ☆22Updated 4 years ago
- CAPE monitor DLLs☆39Updated 5 years ago
- A simple API monitor for Windbg☆63Updated 7 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆120Updated 4 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- My collection of unpackers for malware packers/crypters☆28Updated 7 years ago
- PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls☆39Updated 9 years ago
- Sample libraries to be used with IAT Patcher☆33Updated 2 years ago
- PCAUSA Rawether for Windows Local Privilege Escalation☆38Updated 8 years ago
- ☆33Updated 7 years ago
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆35Updated 7 years ago
- Windows x64 Process Scanner to detect application compatability shims☆37Updated 6 years ago
- Hansel - a simple but flexible search for IDA☆26Updated 5 years ago
- A windbg extension for ASLR/DEP/SafeSEH check☆25Updated 6 years ago
- Handy scripts to speed up malware analysis☆35Updated last year
- Use this library to automatically extract PE files compressed with aplib from a binary blob.☆34Updated 5 years ago
- Blog posts☆30Updated 4 years ago
- Anti-AV compilation☆42Updated 11 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- ☆44Updated 6 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆35Updated 4 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆75Updated 10 years ago
- A simple utility to list all methods of a given .NET Assembly and to invoke them☆73Updated 3 years ago
- This is a simple tool to dump all the reparse points on an NTFS volume.☆33Updated 4 years ago
- Protects and logs suspicious and malicious usage of .NET CSC.exe and Runtime C# Compilation☆25Updated 6 years ago
- Archive of ransomware decryptors☆29Updated 7 years ago
- A small library helping to parse commandline parameters (for C/C++)☆56Updated last year
- Anti-technique Codes, Detection of Anti-technique codes☆38Updated 11 years ago
- ☆45Updated 6 years ago