ignacioj / WhacAMole
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆41 · Updated 10 months ago
Alternatives and similar repositories for WhacAMole
Users who are interested in WhacAMole are comparing it to the repositories listed below.
- ☆74 · Updated 2 years ago
- ☆45 · Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process ☆89 · Updated 2 years ago
- ☆76 · Updated last year
- ☆108 · Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events ☆42 · Updated 2 years ago
- Detect WFP filters blocking EDR communications ☆93 · Updated last year
- Red Team Operation's Defense Evasion Technique. ☆53 · Updated last year
- Deleting Shadow Copies In Pure C++ ☆114 · Updated 2 years ago
- Just another ntdll unhooking using Parun's Fart technique ☆75 · Updated 2 years ago
- Finding secrets in kernel and user memory ☆116 · Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… ☆51 · Updated last year
- Do some DLL SideLoading magic ☆85 · Updated last year
- ☆78 · Updated last year
- ☆118 · Updated last year
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation ☆31 · Updated 2 years ago
- API Hammering with C++20 ☆50 · Updated 3 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable ☆57 · Updated last year
- Reverse Engineering and Debugging Malware ☆32 · Updated 2 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆84 · Updated 3 weeks ago
- Bypass UAC on Windows 10/11 x64 using ms-settings DelegateExecute registry key. ☆77 · Updated 2 years ago
- A PoC for achieving persistence via push notifications on Windows ☆47 · Updated 2 years ago
- Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running. ☆6 · Updated 2 years ago
- A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-Ins" maliciously ☆31 · Updated 2 years ago
- Identify and exploit leaked handles for local privilege escalation. ☆109 · Updated 2 years ago
- Tool for playing with Windows Access Token manipulation. ☆55 · Updated 2 years ago
- .NET tool used to enrich RPC telemetry ☆95 · Updated last month
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. ☆64 · Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue ☆99 · Updated last year
- ☆17 · Updated 9 months ago