ignacioj / WhacAMole
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆41 · Updated 9 months ago
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below
- Small tool to play with IOCs caused by Imageload events (☆42, updated 2 years ago)
- (☆75, updated 2 years ago)
- (☆45, updated last year)
- RDLL for Cobalt Strike beacon to silence sysmon process (☆88, updated 2 years ago)
- Dumping LSASS by unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation (☆31, updated 2 years ago)
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis … (☆36, updated 4 months ago)
- A simple PoC showcasing the ability of an admin to suspend EDR's protected processes, making it useless (☆38, updated 11 months ago)
- (☆75, updated 10 months ago)
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io (☆82, updated last year)
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. (☆39, updated last year)
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ… (☆43, updated last month)
- A short C code PoC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… (☆51, updated last year)
- Browse Windows Prefetch versions: 17, 23, 26, 30v1/2, 31 & some SuperFetch .7db/.db's (☆62, updated 6 months ago)
- (☆119, updated last year)
- Just another ntdll unhooking using Perun's Fart technique (☆75, updated 2 years ago)
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. (☆80, updated 9 months ago)
- A tiny program to consume from ETW providers for research (☆49, updated 5 months ago)
- quASAR: ASAR manipulation made easy (☆38, updated 2 years ago)
- A collection of tools and rules for decoding Brute Ratel C4 badgers (☆64, updated 2 years ago)
- (☆20, updated last year)
- A variety of tools, scripts and techniques developed and shared in different programming languages by 0xsp Lab (☆63, updated 5 months ago)
- Small Python tool to do DLL sideloading (and consequently, other DLL attacks). (☆57, updated 2 years ago)
- Detect WFP filters blocking EDR communications (☆91, updated last year)
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. (☆62, updated last year)
- Proof of concept code and samples presenting the emerging threat of MSI installer files. (☆84, updated 2 years ago)
- Repo containing my public talks (☆23, updated 2 years ago)
- C# version of NTLMRawUnHide (☆72, updated 2 years ago)
- (☆23, updated last year)
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) (☆48, updated last year)
- Red Team Operation's Defense Evasion Technique. (☆53, updated last year)