Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and dissasemble hooks, shellcode, memory regions, modules and processes.
☆44Sep 22, 2024Updated last year
Alternatives and similar repositories for WhacAMole
Users that are interested in WhacAMole are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆15Nov 24, 2022Updated 3 years ago
- ☆11Feb 19, 2023Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- C# project to Reflectively load .Net assemblies in memory☆19Jun 19, 2024Updated last year
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆139Jul 10, 2025Updated 9 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Cobalt Strike UDRL for memory scanner evasion.☆52Dec 4, 2023Updated 2 years ago
- NailaoLoader: Hiding Execution Flow via Patching☆23Feb 27, 2025Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆90May 17, 2023Updated 2 years ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.☆21Dec 21, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- ☆36Jan 23, 2025Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆134May 17, 2023Updated 2 years ago
- Some stuff for PHD2021☆14May 21, 2025Updated 11 months ago
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆35May 8, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 3 years ago
- Protect your process like ntoskrnl.exe☆18Jul 8, 2023Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆41Jul 9, 2023Updated 2 years ago
- BasicEventViewer4 (BEV v4.0), this code will useful for All Blue/Purple Teams , RealTime Monitoring Sysmon Events , Mitre Attack Detectio…☆19Jun 22, 2023Updated 2 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆115Nov 19, 2022Updated 3 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆131Mar 15, 2024Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- A C Implementation for using a new method to invoke undetectable indirect syscalls☆20Dec 2, 2025Updated 5 months ago
- TCP Data Transfer Tool By ClumsyLulz☆12Feb 25, 2023Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆97Jan 21, 2025Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- it's a driver injector or driver loader header lib(Windows)☆12Aug 5, 2023Updated 2 years ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆144Apr 6, 2025Updated last year
- ☆22Dec 16, 2023Updated 2 years ago
- eXtensiable Malware Toolkit: Full Featured Golang C2 Framework with Awesome Features☆104Dec 17, 2025Updated 4 months ago
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…☆321Mar 20, 2024Updated 2 years ago
- Inject unsigned DLL into Protected Process Light (PPL)☆42May 8, 2025Updated 11 months ago
- Dump the memory of any PPL with a Userland exploit chain☆352Mar 17, 2023Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- 学习windows驱动相关☆24Jul 31, 2019Updated 6 years ago
- Change hash for a signed pe☆18Jul 18, 2023Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆173May 17, 2023Updated 2 years ago
- Implementation of ITaskHandler in C++☆14Feb 11, 2023Updated 3 years ago
- Convert native dll to shellcode, and support exported function☆25Feb 10, 2021Updated 5 years ago
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback☆67Sep 15, 2022Updated 3 years ago