ignacioj / WhacAMole
Live memory analysis that detects malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, the memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆26, updated 2 months ago
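One of the checks listed above, inline-hook detection, as an added illustration that is not WhacAMole's own code: compare a function's prologue as read from the live process with the clean prologue taken from the module's on-disk image, then classify the patch shape and resolve where the trampoline goes. The byte strings, the function address 0x7FFD00001000 and the syscall number 0x50 are constructed for the example; a real scanner would read the live bytes with ReadProcessMemory and the clean bytes from a freshly mapped copy of the same module.

```python
"""Inline-hook detection by diffing a live prologue against the on-disk one.
Added example, not WhacAMole's code. All inputs below are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class HookFinding:
    kind: str              # trampoline shape recognised at the function start
    first_diff: int        # offset of the first byte that differs from disk
    patched_len: int       # span from the first to the last differing byte
    target: Optional[int]  # resolved jump destination, when the shape allows it


def find_inline_hook(disk: bytes, mem: bytes, func_va: int) -> Optional[HookFinding]:
    """Return a HookFinding if `mem` (bytes read at func_va) differs from `disk`."""
    if len(disk) != len(mem):
        raise ValueError("compare equal-length prologues")
    diffs = [i for i, (a, b) in enumerate(zip(disk, mem)) if a != b]
    if not diffs:
        return None  # prologue is byte-identical to the on-disk image
    first, last = diffs[0], diffs[-1]
    kind, target = "unknown patch", None
    if mem[0] == 0xE9 and len(mem) >= 5:
        # jmp rel32: destination is relative to the end of the 5-byte instruction
        rel = struct.unpack_from("<i", mem, 1)[0]
        kind, target = "jmp rel32", (func_va + 5 + rel) & 0xFFFFFFFFFFFFFFFF
    elif mem[:2] == b"\xff\x25" and len(mem) >= 6:
        # jmp qword ptr [rip+disp32] (x64): `target` is the pointer slot, and the
        # real destination must be read from that slot in the process
        disp = struct.unpack_from("<i", mem, 2)[0]
        kind, target = "jmp [rip+disp32]", (func_va + 6 + disp) & 0xFFFFFFFFFFFFFFFF
    elif len(mem) >= 12 and mem[:2] == b"\x48\xb8" and mem[10:12] == b"\xff\xe0":
        # mov rax, imm64 ; jmp rax: absolute 64-bit trampoline
        kind, target = "mov rax,imm64; jmp rax", struct.unpack_from("<Q", mem, 2)[0]
    return HookFinding(kind, first, last - first + 1, target)


# Constructed clean x64 syscall-stub prologue (16 bytes, syscall number 0x50 is arbitrary):
#   mov r10, rcx ; mov eax, 0x50 ; test byte ptr [0x7ffe0308], 1
CLEAN = bytes.fromhex("4c8bd1b850000000f604250803fe7f01")
FUNC_VA = 0x7FFD00001000  # assumed address of the stub in the target process

# Constructed hooked variants of the same prologue
HOOKED_JMP = b"\xe9" + struct.pack("<i", 0x1000) + CLEAN[5:]                       # jmp +0x1000
HOOKED_ABS = b"\x48\xb8" + struct.pack("<Q", 0x7FFD11112222) + b"\xff\xe0" + CLEAN[12:]
HOOKED_NOP = CLEAN[:8] + b"\x90" + CLEAN[9:]                                       # single-byte patch


def scan_samples() -> dict:
    """Run the comparison over the constructed samples; keys name the sample."""
    samples = {"clean": CLEAN, "jmp_rel32": HOOKED_JMP, "abs_jmp": HOOKED_ABS, "nop": HOOKED_NOP}
    return {name: find_inline_hook(CLEAN, mem, FUNC_VA) for name, mem in samples.items()}


if __name__ == "__main__":
    for name, finding in scan_samples().items():
        print(f"{name:10s} -> {finding}")
```

A hook whose resolved target lies outside the module that owns the function (or inside an unbacked, executable private region) is the finding worth raising; a difference caused by relocation fix-ups or a legitimate EDR shim shows up in the same diff, so the classification and target are what separate the two.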
Related projects
Alternatives and complementary repositories for WhacAMole
- Simple PowerShell script to enable process scanning with Yara. (☆90, updated 2 years ago)
- Quickly search for references to a GUID in DLLs, EXEs, and drivers. (☆60, updated 2 years ago)
- RDLL for Cobalt Strike beacon to silence Sysmon process. (☆85, updated 2 years ago)
- A collection of tools and rules for decoding Brute Ratel C4 badgers. (☆62, updated 2 years ago)
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged. (☆86, updated 2 years ago)
- Repo containing my public talks. (☆22, updated last year)
- Create a cool process tree like https://twitter.com/ACEResponder. (☆34, updated last year)
- Small tool to play with IOCs caused by ImageLoad events. (☆38, updated last year)
- Copy the properties and groups of a user from neo4j (BloodHound) to create an identical golden ticket. (☆80, updated 6 months ago)
- Small Python tool to do DLL sideloading (and consequently, other DLL attacks). (☆53, updated 2 years ago)
- Repo for fetching AppLocker event logs by parsing the Windows event log. (☆30, updated 2 years ago)
- Triaging Windows event logs based on the SANS poster. (☆37, updated last year)
- SharpShareFinder is a minimalistic network share discovery POC designed to enumerate shares in Windows Active Directory networks leveragi… (☆21, updated 4 months ago)
- PoC of how to execute F# code within an unmanaged process. (☆65, updated 5 months ago)
- Proof-of-concept code and samples presenting the emerging threat of MSI installer files. (☆77, updated last year)
- Unchain AMSI by patching the provider's unmonitored memory space. (☆88, updated 2 years ago)
- YARA rules for modern malware. (☆68, updated 8 months ago)
- Reverse engineering and debugging malware. (☆30, updated last year)
- Get-PDInvokeImports is a tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u… (☆51, updated 2 years ago)
- Project for identifying executables and DLLs vulnerable to environment-variable-based DLL hijacking. (☆57, updated 2 years ago)
- A basic Meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading. (☆83, updated 2 years ago)
- Find .NET assemblies locally. (☆92, updated 2 years ago)