ignacioj / WhacAMole
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
☆26 · Updated last month
Related projects
Alternatives and complementary repositories for WhacAMole
- RDLL for Cobalt Strike beacon to silence sysmon process ☆85 · Updated 2 years ago
- ☆68 · Updated 2 years ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged ☆86 · Updated 2 years ago
- ☆44 · Updated last year
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers ☆62 · Updated 2 years ago
- Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket. ☆79 · Updated 6 months ago
- ☆22 · Updated 11 months ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆87 · Updated last year
- Small tool to play with IOCs caused by Imageload events ☆37 · Updated last year
- A collection of source code, binaries, and compilation scripts designed to bypass detection ☆25 · Updated last year
- Repo containing my public talks ☆22 · Updated last year
- Simple PowerShell script to enable process scanning with Yara. ☆90 · Updated 2 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process ☆65 · Updated 4 months ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆77 · Updated last year
- Project for identifying executables and DLLs vulnerable to environment-variable based DLL hijacking. ☆56 · Updated 2 years ago
- Create a cool process tree like https://twitter.com/ACEResponder. ☆34 · Updated last year
- Quickly search for references to a GUID in DLLs, EXEs, and drivers ☆59 · Updated 2 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io ☆79 · Updated 8 months ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks). ☆53 · Updated 2 years ago
- SharpShareFinder is a minimalistic network share discovery POC designed to enumerate shares in Windows Active Directory networks leveragi… ☆21 · Updated 4 months ago
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. ☆58 · Updated last year
- A proof-of-concept re-assembler for reverse VNC traffic. ☆25 · Updated last year
- Find .net assemblies locally ☆88 · Updated 2 years ago
- MITRE TTPs derived from Conti's leaked playbooks from XSS.IS ☆35 · Updated 3 years ago
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation ☆29 · Updated 2 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique. ☆61 · Updated 2 years ago
- ☆37 · Updated 2 years ago
- Offensive tool for fileless lateral movement on Windows networks ☆24 · Updated 6 months ago
- Yara Rules for Modern Malware ☆67 · Updated 8 months ago