herrcore / CmdDesktopSwitch
CmdDesktopSwitch is a small utility that lists all windows desktops and provides the option to switch between them. This can be used to identify and watch malware that has created a hidden desktop.
☆33Updated 8 years ago
Related projects ⓘ
Alternatives and complementary repositories for CmdDesktopSwitch
- A ready-made template for a project based on libpeconv.☆40Updated 2 weeks ago
- CAPE monitor DLLs☆38Updated 4 years ago
- ☆21Updated 3 years ago
- A simple API monitor for Windbg☆62Updated 7 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- DLL Injection Library & Tools☆70Updated 8 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆73Updated 10 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆54Updated 6 years ago
- Sample libraries to be used with IAT Patcher☆33Updated 2 years ago
- Flare-On solutions☆36Updated 5 years ago
- Anti-technique Codes, Detection of Anti-technique codes☆37Updated 11 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls☆39Updated 8 years ago
- ☆33Updated 7 years ago
- A simple utility to list all methods of a given .NET Assembly and to invoke them☆71Updated 3 years ago
- A small library helping to parse commandline parameters (for C/C++)☆53Updated last year
- IDAPython scripts☆15Updated 7 years ago
- Windows x64 Process Scanner to detect application compatability shims☆36Updated 6 years ago
- ☆16Updated 7 years ago
- Go Lang Portable Executable Parser☆37Updated 3 years ago
- Use this library to automatically extract PE files compressed with aplib from a binary blob.☆32Updated 5 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- Anti-AV compilation☆42Updated 11 years ago
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis☆43Updated 7 years ago
- A session-0 capable dll injection utility☆76Updated 6 years ago
- Decodes PlugX traffic and encrypted/compressed artifacts☆38Updated 11 years ago
- Blog posts☆30Updated 4 years ago
- PoC for detecting and dumping process hollowing code injection☆50Updated 6 years ago
- Two tools used during our analysis of the Microsoft binary injection mitigation implemented in Edge TH2.☆53Updated 7 years ago