Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆44 · Sep 22, 2024 · Updated last year
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below.
- ☆15 · Nov 24, 2022 · Updated 3 years ago
- ☆11 · Feb 19, 2023 · Updated 3 years ago
- $MFT parser (from live systems or a copy of the $MFT) and raw file copy utility · ☆38 · Jul 18, 2024 · Updated last year
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls · ☆205 · Jun 6, 2024 · Updated 2 years ago
- C# project to reflectively load .NET assemblies in memory · ☆19 · Jun 19, 2024 · Updated last year
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode · ☆140 · Jul 10, 2025 · Updated 11 months ago
- Cobalt Strike UDRL for memory scanner evasion · ☆52 · Dec 4, 2023 · Updated 2 years ago
- NailaoLoader: Hiding Execution Flow via Patching · ☆23 · Feb 27, 2025 · Updated last year
- Monitors ETW for security-relevant syscalls, maintaining the set called by each unique process · ☆90 · May 17, 2023 · Updated 3 years ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules · ☆21 · Dec 21, 2022 · Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly · ☆66 · Mar 19, 2024 · Updated 2 years ago
- ☆36 · Jan 23, 2025 · Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions · ☆134 · May 17, 2023 · Updated 3 years ago
- ☆10 · Apr 19, 2026 · Updated last month
- Some stuff for PHD2021 · ☆14 · May 21, 2025 · Updated last year
- 32-bit process injects shellcode into 32-bit and 64-bit processes · ☆35 · May 8, 2023 · Updated 3 years ago
- Execute a payload at each right click on a file/folder in the Explorer menu for persistence · ☆174 · Mar 15, 2023 · Updated 3 years ago
- Protect your process like ntoskrnl.exe · ☆18 · Jul 8, 2023 · Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR · ☆41 · Jul 9, 2023 · Updated 2 years ago
- BasicEventViewer4 (BEV v4.0): this code will be useful for all Blue/Purple Teams, real-time monitoring of Sysmon events, MITRE ATT&CK detectio… · ☆18 · Jun 22, 2023 · Updated 2 years ago
- A simple PoC to invoke an encrypted shellcode by using a hidden call · ☆115 · Nov 19, 2022 · Updated 3 years ago
- Detect EDRs' exceptions by inspecting processes' loaded modules · ☆132 · Mar 15, 2024 · Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution · ☆195 · Nov 27, 2024 · Updated last year
- A C implementation for using a new method to invoke undetectable indirect syscalls · ☆20 · Dec 2, 2025 · Updated 6 months ago
- TCP Data Transfer Tool By ClumsyLulz · ☆12 · Feb 25, 2023 · Updated 3 years ago
- Basic implementation of Cobalt Strike's User Defined Reflective Loader feature · ☆100 · Feb 28, 2023 · Updated 3 years ago
- A driver injector / driver loader header library (Windows) · ☆13 · Aug 5, 2023 · Updated 2 years ago
- Early Bird Cryo Injections: APC-based DLL & shellcode injection via pre-frozen job objects · ☆143 · Apr 6, 2025 · Updated last year
- eXtensiable Malware Toolkit: full-featured Golang C2 framework with awesome features · ☆103 · Dec 17, 2025 · Updated 5 months ago
- ☆21 · Dec 16, 2023 · Updated 2 years ago
- ETWProcessMon2 is for monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + detection for Remote-Thread-Injection & Payload Detecti… · ☆320 · Mar 20, 2024 · Updated 2 years ago
- Inject unsigned DLL into Protected Process Light (PPL) · ☆42 · May 8, 2025 · Updated last year
- ☆103 · Jan 21, 2025 · Updated last year
- Dump the memory of any PPL with a userland exploit chain · ☆355 · Mar 17, 2023 · Updated 3 years ago
- Learning material related to Windows drivers · ☆24 · Jul 31, 2019 · Updated 6 years ago
- Implementation of ITaskHandler in C++ · ☆15 · Feb 11, 2023 · Updated 3 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections · ☆177 · May 17, 2023 · Updated 3 years ago
- Convert native DLL to shellcode, with support for exported functions · ☆25 · Feb 10, 2021 · Updated 5 years ago
- Generic PE loader for fast prototyping of evasion techniques · ☆246 · Jul 2, 2024 · Updated last year