Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and dissasemble hooks, shellcode, memory regions, modules and processes.
☆44Sep 22, 2024Updated last year
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below
Sorting:
- ☆11Feb 19, 2023Updated 3 years ago
- ☆15Nov 24, 2022Updated 3 years ago
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆35May 8, 2023Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- ☆33Jan 23, 2025Updated last year
- 学习windows驱动相关☆23Jul 31, 2019Updated 6 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆138Jul 10, 2025Updated 7 months ago
- TCP Data Transfer Tool By ClumsyLulz☆12Feb 25, 2023Updated 3 years ago
- it's a driver injector or driver loader header lib(Windows)☆12Aug 5, 2023Updated 2 years ago
- tools for creating, inspecting and modifying torrent files☆13Jun 1, 2022Updated 3 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆88May 17, 2023Updated 2 years ago
- Some stuff for PHD2021☆14May 21, 2025Updated 9 months ago
- ☆11Oct 17, 2020Updated 5 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- Exploring RPC interfaces on Windows☆345Jan 30, 2024Updated 2 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆133May 17, 2023Updated 2 years ago
- Dump the memory of any PPL with a Userland exploit chain☆352Mar 17, 2023Updated 2 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 2 years ago
- idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.update for ida pro 7.7☆16Nov 9, 2023Updated 2 years ago
- Toy implementation of a Automated Exploit Generation built on Angr; stiched using radare, pwntools, pyelftools, and Angrop.☆16Jan 9, 2022Updated 4 years ago
- Implementation of ITaskHandler in C++☆14Feb 11, 2023Updated 3 years ago
- Basic Psexec clone, but in golang.☆16Jul 2, 2022Updated 3 years ago
- bootkit驱动映射,三环进程注入加载指定模块☆14Oct 8, 2024Updated last year
- dlopen() filelessly a shared object or even a program (and run it).☆56Aug 31, 2023Updated 2 years ago
- Bypass Malware Sandbox Evasion Ram check☆141Jan 3, 2023Updated 3 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆130Mar 15, 2024Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- Yet another Windows DLL injector.☆40Nov 17, 2021Updated 4 years ago
- Convert native dll to shellcode, and support exported function☆25Feb 10, 2021Updated 5 years ago
- Process Hollowing Detection on a live system☆13Nov 11, 2017Updated 8 years ago
- ☆14Aug 13, 2023Updated 2 years ago
- Papers related with kernel papers☆13Mar 18, 2023Updated 2 years ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆70Sep 6, 2021Updated 4 years ago
- Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures☆38Sep 22, 2024Updated last year
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆319Mar 20, 2024Updated last year
- anti-ransomware file-system filter☆69Sep 3, 2024Updated last year
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆246Aug 2, 2023Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year