Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and dissasemble hooks, shellcode, memory regions, modules and processes.
☆44Sep 22, 2024Updated last year
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆15Nov 24, 2022Updated 3 years ago
- ☆11Feb 19, 2023Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- C# project to Reflectively load .Net assemblies in memory☆19Jun 19, 2024Updated last year
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆139Jul 10, 2025Updated 9 months ago
- Deploy open-source AI quickly and easily - Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Cobalt Strike UDRL for memory scanner evasion.☆52Dec 4, 2023Updated 2 years ago
- NailaoLoader: Hiding Execution Flow via Patching☆23Feb 27, 2025Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆89May 17, 2023Updated 2 years ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.☆21Dec 21, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- ☆35Jan 23, 2025Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆134May 17, 2023Updated 2 years ago
- Some stuff for PHD2021☆14May 21, 2025Updated 10 months ago
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆35May 8, 2023Updated 2 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆174Mar 15, 2023Updated 3 years ago
- Protect your process like ntoskrnl.exe☆18Jul 8, 2023Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆41Jul 9, 2023Updated 2 years ago
- BasicEventViewer4 (BEV v4.0), this code will useful for All Blue/Purple Teams , RealTime Monitoring Sysmon Events , Mitre Attack Detectio…☆19Jun 22, 2023Updated 2 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆115Nov 19, 2022Updated 3 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆131Mar 15, 2024Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- A C Implementation for using a new method to invoke undetectable indirect syscalls☆20Dec 2, 2025Updated 4 months ago
- TCP Data Transfer Tool By ClumsyLulz☆12Feb 25, 2023Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆97Jan 21, 2025Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- ☆22Dec 16, 2023Updated 2 years ago
- it's a driver injector or driver loader header lib(Windows)☆12Aug 5, 2023Updated 2 years ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆140Apr 6, 2025Updated last year
- eXtensiable Malware Toolkit: Full Featured Golang C2 Framework with Awesome Features☆104Dec 17, 2025Updated 3 months ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆320Mar 20, 2024Updated 2 years ago
- Inject unsigned DLL into Protected Process Light (PPL)☆41May 8, 2025Updated 11 months ago
- Dump the memory of any PPL with a Userland exploit chain☆352Mar 17, 2023Updated 3 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- 学习windows驱动相关☆24Jul 31, 2019Updated 6 years ago
- Change hash for a signed pe☆18Jul 18, 2023Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆173May 17, 2023Updated 2 years ago
- Implementation of ITaskHandler in C++☆14Feb 11, 2023Updated 3 years ago
- Convert native dll to shellcode, and support exported function☆25Feb 10, 2021Updated 5 years ago
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback☆68Sep 15, 2022Updated 3 years ago