ignacioj / WhacAMole
Live memory analysis that detects malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆41 · Updated 8 months ago
Alternatives and similar repositories for WhacAMole
Users interested in WhacAMole are comparing it to the repositories listed below.
- ☆75 · Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆88 · Updated 2 years ago
- ☆45 · Updated last year
- Dumping LSASS by unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from disk, plus function and string obfuscation ☆31 · Updated 2 years ago
- Detect WFP filters blocking EDR communications ☆89 · Updated last year
- Small tool to play with IOCs caused by Imageload events ☆42 · Updated 2 years ago
- This repository is meant to catalog network and host artifacts associated with various EDR products' "shell" and response functionalities. ☆79 · Updated 9 months ago
- A collection of tools and rules for decoding Brute Ratel C4 badgers ☆62 · Updated 2 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆82 · Updated last year
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) ☆48 · Updated last year
- ☆23 · Updated last year
- ☆119 · Updated last year
- Browse Windows Prefetch versions: 17, 23, 26, 30v1/2, 31 & some SuperFetch .7db/.db files ☆62 · Updated 5 months ago
- Repo containing my public talks ☆23 · Updated 2 years ago
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged ☆86 · Updated 2 years ago
- A short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… ☆51 · Updated last year
- Vibe Malware Triage - MCP server for static PE analysis. ☆47 · Updated 2 weeks ago
- A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, making it useless ☆38 · Updated 10 months ago
- This repo will contain the core detection, only for Cobalt Strike's leaked versions. Non-leaked version detections won't be shared ☆89 · Updated last year
- A tiny program to consume from ETW providers for research ☆48 · Updated 5 months ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2 ☆41 · Updated last year
- ☆69 · Updated last year
- Proof of concept code and samples presenting the emerging threat of MSI installer files. ☆83 · Updated 2 years ago
- quASAR: ASAR manipulation made easy ☆38 · Updated 2 years ago
- Default Detections for EDR ☆96 · Updated last year
- Small Python tool to do DLL sideloading (and consequently, other DLL attacks). ☆56 · Updated 2 years ago
- ☆158 · Updated last month
- Do some DLL sideloading magic ☆83 · Updated last year
- ☆67 · Updated 2 years ago
- ☆75 · Updated 9 months ago