ignacioj / WhacAMole
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆42 Updated last year
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below
- Finding secrets in kernel and user memory ☆116 Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆89 Updated 3 years ago
- Detect WFP filters blocking EDR communications ☆93 Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… ☆51 Updated 2 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆86 Updated 2 months ago
- Red Team Operation's Defense Evasion Technique. ☆55 Updated last year
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections won't be shared ☆88 Updated last year
- Deleting Shadow Copies In Pure C++ ☆115 Updated 2 years ago
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation ☆31 Updated 3 years ago
- Do some DLL SideLoading magic ☆86 Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events ☆42 Updated 2 years ago
- Reverse Engineering and Debugging Malware ☆32 Updated 2 years ago
- Just another ntdll unhooking using Parun's Fart technique ☆75 Updated 2 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged ☆87 Updated 3 years ago
- Tool for playing with Windows Access Token manipulation. ☆55 Updated 2 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers ☆64 Updated 3 years ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆124 Updated this week
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆64 Updated 9 months ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms ☆130 Updated 2 years ago
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked ☆38 Updated 10 months ago
- Windows Persistence Toolkit in C# ☆37 Updated 3 years ago
- malleable profile generator GUI for Havoc ☆55 Updated 2 years ago