linux elf injector for x86 x86_64 arm arm64
☆346May 31, 2018Updated 7 years ago
Alternatives and similar repositories for mandibule
Users that are interested in mandibule are comparing it to the libraries listed below
Sorting:
- Inject ELF into remote process☆152Oct 20, 2023Updated 2 years ago
- ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD☆112Apr 8, 2020Updated 5 years ago
- Windows device tree walker☆15Sep 19, 2018Updated 7 years ago
- Tool for injecting a shared object into a Linux process☆1,221Feb 23, 2022Updated 4 years ago
- Arbitrary code execution with kernel privileges using CVE-2018-8897.☆421May 18, 2018Updated 7 years ago
- ☆46Jun 14, 2018Updated 7 years ago
- Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools☆449Jan 26, 2026Updated last month
- HAXM hypervisor client☆18Nov 30, 2018Updated 7 years ago
- Reflective SO injection is a library injection technique in which the concept of reflective programming is employed to perform the loadin…☆117Aug 22, 2016Updated 9 years ago
- A project that aims to automatically devirtualize code that has been virtualized using x86virt☆126Dec 3, 2022Updated 3 years ago
- A collection of LLVM transform and analysis passes to write shellcode in regular C☆380Jun 12, 2023Updated 2 years ago
- Linux based inter-process code injection without ptrace(2)☆257Aug 24, 2017Updated 8 years ago
- A simple ransomware defender.It uses minifilter to filt "rewrite" and "delete" events in kernel.And it handles event in user mode.☆27Aug 14, 2018Updated 7 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Updated this week
- CVE-2019-9729. Transferred from https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation☆83Mar 13, 2019Updated 6 years ago
- FLARE Kernel Shellcode Loader☆178May 3, 2019Updated 6 years ago
- Post module for Metasploit to execute ELF in memory☆86Nov 23, 2018Updated 7 years ago
- PoC of injecting code into a running Linux process☆23Sep 11, 2019Updated 6 years ago
- arm_now is a qemu powered tool that allows instant setup of virtual machines on arm cpu, mips, powerpc, nios2, x86 and more, for reverse,…☆889Sep 16, 2022Updated 3 years ago
- ☆54Aug 13, 2018Updated 7 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- Virtual Machine Introspection, Tracing & Debugging☆596Feb 22, 2022Updated 4 years ago
- A Fuzzer for Windows NDIS Drivers OID Handlers☆96Nov 4, 2021Updated 4 years ago
- An minifilter-based transparent encryptor on Windows.☆30Feb 27, 2017Updated 9 years ago
- Code injector for ELF binaries (incl. PIE)☆28Sep 17, 2017Updated 8 years ago
- 基于WinDivert实现的一个包过滤与截断程序☆13Jul 22, 2018Updated 7 years ago
- Utility for dumping all the information Capstone has on given instructions.☆23Oct 1, 2021Updated 4 years ago
- ☆164May 18, 2018Updated 7 years ago
- Windows build files for the VMHunt Intel PIN Trace tool☆19Nov 26, 2018Updated 7 years ago
- Simple 32/64-bit PEs loader.☆139Dec 19, 2018Updated 7 years ago
- hook msr by amd svm☆125Dec 30, 2019Updated 6 years ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,270May 1, 2024Updated last year
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆333Mar 26, 2024Updated last year
- fireELF - Fileless Linux Malware Framework☆679Apr 17, 2019Updated 6 years ago
- PoC for CVE-2019-0888 - Use-After-Free in Windows ActiveX Data Objects (ADO)☆40Jul 9, 2019Updated 6 years ago
- Yet Another ELF-Injector☆16Oct 12, 2019Updated 6 years ago
- A Proof-of-Concept win32 DLL that makes use of netbios session token replay to propagate through a Windows Domain☆25Apr 14, 2018Updated 7 years ago
- Implements the POP/MOV SS (CVE-2018-8897) vulnerability by leveraging SYSCALL to perform a local privilege escalation (LPE).☆118Aug 8, 2018Updated 7 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Jun 10, 2019Updated 6 years ago