jstrosch / sclauncher
A small program written in C that loads 32- or 64-bit shellcode so it can be executed or stepped through in a debugger. It can also wrap the shellcode in a PE file.
134 stars, updated 6 months ago
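The "output a PE file from shellcode" feature comes down to prepending the minimum set of PE headers the Windows loader accepts and pointing the entry point at the first shellcode byte. The program below is an added illustration written for this page, not sclauncher's own code. It assumes 64-bit shellcode, a fixed image base of 0x140000000 with the relocation table omitted (so the image cannot be ASLR-relocated), and no import table (position-independent shellcode resolves its own APIs, typically by walking the PEB). The function name `pe64_from_shellcode`, the alignment constants and the one-section layout are the example's own choices.

```c
/* Added example: wrap a raw 64-bit shellcode blob in a minimal PE32+ executable.
 * Not sclauncher's code. Layout: DOS header, "PE\0\0", file header, optional
 * header, one RWX .text section; no imports, no relocations, no debug data. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FILE_ALIGN 0x200u
#define SECT_ALIGN 0x1000u
#define IMAGE_BASE 0x140000000ULL          /* assumed fixed base; no .reloc, so it cannot move */
#define HDR_SIZE   (64u + 4u + 20u + 240u + 40u) /* DOS + sig + file hdr + opt hdr64 + 1 section */

static size_t align_up(size_t v, size_t a) { return (v + a - 1) & ~(a - 1); }

/* Little-endian field writers so the output is correct on any host. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }
static void put64(uint8_t *p, uint64_t v) { put32(p, (uint32_t)v); put32(p + 4, (uint32_t)(v >> 32)); }

/* Builds the PE image in *out (caller frees); returns its size, 0 on failure. */
size_t pe64_from_shellcode(const uint8_t *sc, size_t sc_len, uint8_t **out)
{
    if (!sc || sc_len == 0 || !out) return 0;
    size_t hdr_raw  = align_up(HDR_SIZE, FILE_ALIGN);   /* 0x200: headers padded to FileAlignment */
    size_t code_raw = align_up(sc_len, FILE_ALIGN);     /* raw .text size on disk */
    size_t total    = hdr_raw + code_raw;
    uint8_t *b = calloc(1, total);                      /* zero-filled: unused fields stay 0 */
    if (!b) return 0;

    /* IMAGE_DOS_HEADER: the loader only reads e_magic and e_lfanew. */
    memcpy(b, "MZ", 2);
    put32(b + 0x3C, 0x40);                              /* e_lfanew -> NT headers right after */
    uint8_t *nt = b + 0x40;
    memcpy(nt, "PE\0\0", 4);

    /* IMAGE_FILE_HEADER */
    uint8_t *fh = nt + 4;
    put16(fh + 0, 0x8664);          /* Machine: AMD64 */
    put16(fh + 2, 1);               /* NumberOfSections */
    put16(fh + 16, 240);            /* SizeOfOptionalHeader (PE32+) */
    put16(fh + 18, 0x0023);         /* RELOCS_STRIPPED | EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE */

    /* IMAGE_OPTIONAL_HEADER64 */
    uint8_t *oh = fh + 20;
    put16(oh + 0, 0x20B);           /* Magic: PE32+ */
    put32(oh + 4, (uint32_t)code_raw);                        /* SizeOfCode */
    put32(oh + 16, SECT_ALIGN);     /* AddressOfEntryPoint: first byte of .text = shellcode[0] */
    put32(oh + 20, SECT_ALIGN);     /* BaseOfCode */
    put64(oh + 24, IMAGE_BASE);
    put32(oh + 32, SECT_ALIGN);     /* SectionAlignment */
    put32(oh + 36, FILE_ALIGN);     /* FileAlignment */
    put16(oh + 40, 6);              /* MajorOperatingSystemVersion */
    put16(oh + 48, 6);              /* MajorSubsystemVersion */
    put32(oh + 56, (uint32_t)(SECT_ALIGN + align_up(sc_len, SECT_ALIGN))); /* SizeOfImage */
    put32(oh + 60, (uint32_t)hdr_raw);                        /* SizeOfHeaders */
    put16(oh + 68, 3);              /* Subsystem: WINDOWS_CUI */
    put16(oh + 70, 0x0100);         /* DllCharacteristics: NX_COMPAT; no DYNAMIC_BASE (no .reloc) */
    put64(oh + 72, 0x100000);       /* SizeOfStackReserve */
    put64(oh + 80, 0x1000);         /* SizeOfStackCommit */
    put64(oh + 88, 0x100000);       /* SizeOfHeapReserve */
    put64(oh + 96, 0x1000);         /* SizeOfHeapCommit */
    put32(oh + 108, 16);            /* NumberOfRvaAndSizes; all 16 directories left zero */

    /* IMAGE_SECTION_HEADER for .text */
    uint8_t *sh = oh + 240;
    memcpy(sh, ".text", 5);
    put32(sh + 8, (uint32_t)sc_len);        /* VirtualSize */
    put32(sh + 12, SECT_ALIGN);             /* VirtualAddress (RVA 0x1000) */
    put32(sh + 16, (uint32_t)code_raw);     /* SizeOfRawData */
    put32(sh + 20, (uint32_t)hdr_raw);      /* PointerToRawData */
    put32(sh + 36, 0xE0000020);             /* CNT_CODE | MEM_EXECUTE | MEM_READ | MEM_WRITE */

    memcpy(b + hdr_raw, sc, sc_len);        /* the payload itself */
    *out = b;
    return total;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s shellcode.bin out.exe\n", argv[0]); return 1; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END); long n = ftell(f); rewind(f);
    if (n <= 0) { fprintf(stderr, "empty input\n"); fclose(f); return 1; }
    uint8_t *sc = malloc((size_t)n);
    if (!sc || fread(sc, 1, (size_t)n, f) != (size_t)n) { perror("read"); fclose(f); return 1; }
    fclose(f);
    uint8_t *pe = NULL;
    size_t pe_len = pe64_from_shellcode(sc, (size_t)n, &pe);
    if (!pe_len) { fprintf(stderr, "build failed\n"); return 1; }
    FILE *o = fopen(argv[2], "wb");
    if (!o || fwrite(pe, 1, pe_len, o) != pe_len) { perror(argv[2]); return 1; }
    fclose(o);
    printf("wrote %zu bytes, entry RVA 0x%x\n", pe_len, SECT_ALIGN);
    free(sc); free(pe);
    return 0;
}
```

Build with `cc -o sc2pe sc2pe.c` and run `./sc2pe payload.bin payload.exe`; the resulting file loads in a debugger with the entry point on the first shellcode byte. The section is left writable because much shellcode decodes itself in place; the lack of a relocation table and import directory is deliberate, and means the file will be flagged by most scanners as suspicious, which is fine for an analysis artefact. For 32-bit shellcode the same layout applies with Machine 0x14C, Magic 0x10B, a 224-byte optional header and a 4-byte ImageBase.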
Alternatives and similar repositories for sclauncher:
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… (115 stars, updated 7 months ago)
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… (152 stars, updated last month)
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… (115 stars, updated 5 months ago)
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. (333 stars, updated this week)
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates a YARA scanner. (203 stars, updated last year)
- Tools for analyzing EDR agents (219 stars, updated 8 months ago)
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. (307 stars, updated last year)
- Python tool to check for rootkits in the Windows kernel (190 stars, updated 2 weeks ago)
- A dynamic unpacking tool (132 stars, updated last year)
- A CIA tradecraft technique to asynchronously detect when a process is created using WMI. (132 stars, updated last year)
- Finding secrets in kernel and user memory (113 stars, updated last year)
- Collect Windows telemetry for maldev (294 stars, updated last week)
- ETW-based PoC to identify direct and indirect syscalls (180 stars, updated last year)
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. (131 stars, updated 8 months ago)
- Repository of YARA rules (97 stars, updated last month)
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… (105 stars, updated last week)
- Exploitation of process-killer drivers (196 stars, updated last year)
- EDRSandblast-GodFault (250 stars, updated last year)
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… (202 stars, updated 3 months ago)
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… (366 stars, updated 3 months ago)
- Hijacking valid driver services to load arbitrary (signed) drivers by abusing native symbolic links and NT paths (322 stars, updated 6 months ago)
- Configuration extractors for malware (89 stars, updated 2 weeks ago)