ignacioj / WhacAMoleLinks
Live memory analysis that detects malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, the memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆42, updated 11 months ago
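WhacAMole is described above as detecting and disassembling hooks in process memory. The most common case is an inline hook planted at the entry of an exported ntdll function, which is found by diffing the live .text section against the clean image and then decoding the bytes that redirect control. The block below is an added example written for this page; it is not WhacAMole's code nor that of any project listed here. The image base, section RVA, export map, syscall-stub bytes and trampoline addresses are constructed test data so the logic runs offline; a real tool would read the on-disk image, apply relocations, read the live section with ReadProcessMemory and walk the export table instead.

```python
"""Inline-hook detection: diff a live ntdll .text section against the clean
copy, then decode the patch that redirects control.

Added example, not WhacAMole's code. All addresses, RVAs, exports and stub
bytes below are constructed test data.
"""
import struct

IMAGE_BASE = 0x7FF800000000      # constructed load address of ntdll
TEXT_RVA = 0x1000                # constructed RVA of the .text section
EXPORTS = {                      # constructed export-name -> RVA map
    "NtAllocateVirtualMemory": 0x1000,
    "NtWriteVirtualMemory": 0x1020,
    "NtClose": 0x1040,
}


def syscall_stub(ssn: int) -> bytes:
    """Clean x64 Nt* stub padded to 32 bytes with int3:
    mov r10, rcx ; mov eax, ssn ; test byte [7FFE0308h], 1 ; jne +3 ;
    syscall ; ret ; int 2Eh ; ret"""
    code = (b"\x4c\x8b\xd1\xb8" + struct.pack("<I", ssn)
            + b"\xf6\x04\x25\x08\x03\xfe\x7f\x01\x75\x03"
            + b"\x0f\x05\xc3\xcd\x2e\xc3")
    return code + b"\xcc" * (32 - len(code))


def decode_patch(code: bytes, va: int):
    """Recognise common hook trampolines at virtual address `va`.
    Returns (kind, target) or None. For the rip-relative form the target
    is the pointer slot; a live tool would read the 8-byte pointer from it."""
    if code[0] == 0xE9:                                   # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp rel32", (va + 5 + rel) & 0xFFFFFFFFFFFFFFFF
    if code[:2] == b"\xff\x25":                           # jmp qword ptr [rip+disp32]
        disp = struct.unpack_from("<i", code, 2)[0]
        return "jmp [rip+disp32]", (va + 6 + disp) & 0xFFFFFFFFFFFFFFFF
    if code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":      # mov rax, imm64 ; jmp rax
        return "mov rax, imm64; jmp rax", struct.unpack_from("<Q", code, 2)[0]
    if code[:2] == b"\x49\xba" and code[10:13] == b"\x41\xff\xe2":  # mov r10, imm64 ; jmp r10
        return "mov r10, imm64; jmp r10", struct.unpack_from("<Q", code, 2)[0]
    return None


def diff_regions(clean: bytes, live: bytes):
    """Runs of (offset, length) where the live section differs from the clean
    one. Catches mid-function patches that an export-only check would miss."""
    if len(clean) != len(live):
        raise ValueError("section size mismatch: compare like with like")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(clean, live)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(clean) - start))
    return runs


def find_inline_hooks(clean, live, image_base, section_rva, exports, window=32):
    """Compare the first `window` bytes of every export and decode any patch."""
    findings = []
    for name, rva in sorted(exports.items(), key=lambda kv: kv[1]):
        off = rva - section_rva
        a, b = clean[off:off + window], live[off:off + window]
        if a == b:
            continue
        va = image_base + rva
        decoded = decode_patch(b, va)
        findings.append({
            "function": name,
            "va": va,
            "kind": decoded[0] if decoded else "unrecognised patch",
            "target": decoded[1] if decoded else None,
            "clean": a[:12].hex(), "live": b[:12].hex(),
        })
    return findings


# Constructed sections: the clean copy and a live copy with two hooks applied.
CLEAN_TEXT = syscall_stub(0x18) + syscall_stub(0x3A) + syscall_stub(0x0F)


def hooked_copy() -> bytes:
    live = bytearray(CLEAN_TEXT)
    src = IMAGE_BASE + 0x1000                     # NtAllocateVirtualMemory
    trampoline = IMAGE_BASE - 0x200000            # constructed trampoline 2 MiB below ntdll
    live[0:5] = b"\xe9" + struct.pack("<i", trampoline - (src + 5))
    live[0x20:0x2C] = b"\x48\xb8" + struct.pack("<Q", 0x7FF6C0002000) + b"\xff\xe0"
    return bytes(live)


LIVE_TEXT = hooked_copy()

if __name__ == "__main__":
    print("changed regions:", [(hex(o), n) for o, n in diff_regions(CLEAN_TEXT, LIVE_TEXT)])
    for f in find_inline_hooks(CLEAN_TEXT, LIVE_TEXT, IMAGE_BASE, TEXT_RVA, EXPORTS):
        target = f"{f['target']:#x}" if f["target"] is not None else "?"
        print(f"{f['function']:<24} {f['kind']:<26} -> {target}")
```

Two checks are deliberately kept separate: the export-entry comparison names the hooked API and decodes where it jumps, while the whole-section diff catches patches placed past the prologue, which an entry-only check would report as clean. Differences in the clean copy's relocated pointers or in writable data sections are expected, so compare only code sections after applying relocations, otherwise the diff drowns in false positives.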
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below
- Finding secrets in kernel and user memory (☆116, updated last year)
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io (☆86, updated last month)
- A short C PoC to gain persistence and evade Sysmon registry event codes (creation, update and deletion), REG_NOTIFY_CLASS Registry Cal… (☆51, updated 2 years ago)
- Red Team Operations defense evasion techniques (☆55, updated last year)
- RDLL (reflective DLL) for a Cobalt Strike beacon to silence the Sysmon process (☆89, updated 2 years ago)
- Small tool to play with IOCs caused by ImageLoad events (☆42, updated 2 years ago)
- Detect WFP filters blocking EDR communications (☆93, updated last year)
- A variety of tools, scripts and techniques developed and shared in different programming languages by 0xsp Lab (☆65, updated 8 months ago)
- Default detections for EDR (☆96, updated last year)
- This repo will contain the core detection only for Cobalt Strike's leaked versions; detections for non-leaked versions won't be shared (☆89, updated last year)
- Golang bindings for PE-sieve (☆42, updated last year)
- Repo containing my public talks (☆23, updated 2 years ago)
- Bypass UAC on Windows 10/11 x64 using the ms-settings DelegateExecute registry key (☆77, updated 2 years ago)
- Reverse engineering and debugging malware (☆32, updated 2 years ago)
- Just another ntdll unhooking using the Perun's Fart technique (☆75, updated 2 years ago)
- Quickly search for references to a GUID in DLLs, EXEs and drivers (☆75, updated 3 years ago)
- A collection of tools and rules for decoding Brute Ratel C4 badgers (☆64, updated 3 years ago)
- A tool for interacting with the Anti-Malware Scan Interface (AMSI) API for pen-testing purposes (☆65, updated last year)
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis … (☆37, updated 6 months ago)
- DLL unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList and LdrpHashTable (☆57, updated last year)
- Dropping a PowerShell script at %HOMEPATH%\Documents\WindowsPowershell\ that contains the implant's path, and whenever powershell pro… (☆85, updated 2 years ago)