jstrosch / sclauncher
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.
☆139Updated 8 months ago
Alternatives and similar repositories for sclauncher:
Users that are interested in sclauncher are comparing it to the libraries listed below
- ☆111Updated last month
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆156Updated last month
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆114Updated 8 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆335Updated last month
- ☆105Updated 8 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆205Updated last year
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆308Updated last year
- Tools for analyzing EDR agents☆221Updated 9 months ago
- Finding secrets in kernel and user memory☆115Updated last year
- Collect Windows telemetry for Maldev☆316Updated last month
- ☆113Updated last year
- ☆253Updated 2 years ago
- Repository of Yara Rules☆103Updated last month
- ☆64Updated last month
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆208Updated 4 months ago
- ☆186Updated last year
- ☆155Updated 10 months ago
- Python tool to check rootkits in Windows kernel☆195Updated 3 weeks ago
- Configuration Extractors for Malware☆92Updated last month
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆169Updated 2 years ago
- EDRSandblast-GodFault☆257Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024☆255Updated 9 months ago
- Exploitation of process killer drivers☆197Updated last year
- A collection of tools and detections for the Sliver C2 Frameworj☆116Updated last year
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆387Updated last week
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…☆115Updated 2 weeks ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆138Updated last week
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆323Updated 7 months ago
- ☆107Updated last year