ignacioj / WhacAMoleLinks
Live memory analysis that detects malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, the memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆42, updated last year
Alternatives and similar repositories for WhacAMole
Users interested in WhacAMole are comparing it to the repositories listed below.
- Deleting Shadow Copies In Pure C++ (☆115, updated 2 years ago)
- Small tool to play with IOCs caused by Imageload events (☆42, updated 2 years ago)
- Detect WFP filters blocking EDR communications (☆94, updated last year)
- RDLL for Cobalt Strike beacon to silence sysmon process (☆90, updated 3 years ago)
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules (☆130, updated this week)
- API Hammering with C++20 (☆49, updated 3 years ago)
- Just another ntdll unhooking using Parun's Fart technique (☆75, updated 2 years ago)
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io (☆85, updated 3 months ago)
- Red Team Operation's Defense Evasion Technique (☆54, updated last year)
- Finding secrets in kernel and user memory (☆115, updated 2 years ago)
- Identify and exploit leaked handles for local privilege escalation (☆110, updated 2 years ago)
- Tool for playing with Windows Access Token manipulation (☆55, updated 2 years ago)
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable (☆57, updated last year)
- Do some DLL SideLoading magic (☆89, updated 2 years ago)
- A short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… (☆50, updated 2 years ago)
- Abusing Process Hacker driver to terminate other processes (BYOVD) (☆84, updated 2 years ago)
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress (☆73, updated last year)
- This is the combination of multiple evasion techniques to evade defenses (Dirty Vanity) (☆51, updated last year)
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE (☆66, updated 2 years ago)
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2 (☆46, updated 2 years ago)
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms (☆130, updated 2 years ago)
- Quickly search for references to a GUID in DLLs, EXEs, and drivers (☆75, updated 3 years ago)
- EvtPsst (☆55, updated 2 years ago)