jstrosch / sclauncher
A small C program that loads 32- or 64-bit shellcode into memory and either executes it or hands control to a debugger at the shellcode entry. It can also wrap shellcode in a PE file.
☆138 · Updated 7 months ago
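The launch mechanism the description refers to, shown as an added example that is not sclauncher's code: map memory, copy the shellcode in, flip the mapping to executable, and transfer control at an entry offset, with an optional software breakpoint in front of the entry so an attached debugger stops at the first payload instruction. The example assumes a POSIX host (mmap/mprotect) on x86-64 or AArch64 rather than Windows, and the payload is a constructed stub that just returns 42 to its caller; the PE-output feature is not shown.

```c
#define _DEFAULT_SOURCE 1
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define PROLOGUE 4   /* bytes reserved in front of the payload for a trap */

/* Constructed demo payload: a stub that returns IMM to its caller.
 * Hand-assembled here so the example runs offline; a real launcher reads
 * the bytes from a file. Returns the stub length, or 0 on an unsupported ISA. */
size_t build_return_stub(uint8_t *out, size_t cap, uint32_t imm)
{
#if defined(__x86_64__) || defined(__i386__)
    if (cap < 6) return 0;
    out[0] = 0xb8;                              /* mov eax, imm32 */
    memcpy(out + 1, &imm, 4);                   /* little-endian immediate */
    out[5] = 0xc3;                              /* ret */
    return 6;
#elif defined(__aarch64__)
    if (cap < 8 || imm > 0xffffu) return 0;
    uint32_t movz = 0x52800000u | (imm << 5);   /* movz w0, #imm16 */
    uint32_t ret  = 0xd65f03c0u;                /* ret */
    memcpy(out, &movz, 4);
    memcpy(out + 4, &ret, 4);
    return 8;
#else
    (void)out; (void)cap; (void)imm;
    return 0;
#endif
}

/* Fill the 4-byte prologue with a software breakpoint so an attached
 * debugger stops right before the payload's first instruction. */
static void emit_breakpoint(uint8_t *out)
{
#if defined(__x86_64__) || defined(__i386__)
    memset(out, 0xcc, PROLOGUE);                /* int3 x4, falls through */
#elif defined(__aarch64__)
    uint32_t brk = 0xd4200000u;                 /* brk #0 */
    memcpy(out, &brk, 4);
#else
    memset(out, 0, PROLOGUE);
#endif
}

/* Core of a launcher: map RW, copy the bytes, flip to RX, call at entry_off.
 * With break_first set the call starts at the trap (only valid when
 * entry_off is 0); run that mode under a debugger, because outside one the
 * trap terminates the process. Returns 0 and stores the payload's return
 * value in *ret_val, or -1 on bad arguments or mapping failure. */
int run_shellcode(const uint8_t *sc, size_t len, size_t entry_off,
                  int break_first, int *ret_val)
{
    if (!sc || len == 0 || entry_off >= len || !ret_val) return -1;
    if (break_first && entry_off != 0) return -1;

    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    size_t need = PROLOGUE + len;
    size_t map_len = (need + (size_t)page - 1) & ~((size_t)page - 1);

    /* W^X: never hold a mapping that is writable and executable at once. */
    uint8_t *mem = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;

    if (break_first) emit_breakpoint(mem);      /* trap, then the payload */
    memcpy(mem + PROLOGUE, sc, len);

    if (mprotect(mem, map_len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, map_len);
        return -1;
    }
    /* Required on ARM after writing instructions; harmless on x86. */
    __builtin___clear_cache((char *)mem, (char *)mem + map_len);

    /* Copy the address into a function pointer instead of casting:
     * ISO C does not define object-pointer to function-pointer casts. */
    void *target = mem + (break_first ? 0 : PROLOGUE + entry_off);
    int (*fn)(void);
    memcpy(&fn, &target, sizeof fn);

    *ret_val = fn();
    munmap(mem, map_len);
    return 0;
}

int main(void)
{
    uint8_t sc[16];
    size_t n = build_return_stub(sc, sizeof sc, 42);
    int rv = 0;
    if (n == 0 || run_shellcode(sc, n, 0, 0, &rv) != 0) {
        fprintf(stderr, "launch failed\n");
        return 1;
    }
    printf("payload returned %d\n", rv);
    return rv == 42 ? 0 : 1;
}
```

The two things worth copying from this layout are the RW-then-RX protection flip (a launcher that maps RWX is itself a convenient target, and on hardened hosts such a mapping may be refused) and the breakpoint prologue, which is what makes "debugging" mode useful: attach a debugger to the launcher, let it run, and it stops exactly at the payload entry instead of somewhere in the loader's own code.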
Alternatives and similar repositories for sclauncher:
Users that are interested in sclauncher are comparing it to the libraries listed below
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi… ☆155 · Updated 3 weeks ago
- Repository of YARA rules ☆103 · Updated 3 weeks ago
- An automation plugin for the Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆114 · Updated 8 months ago
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. ☆335 · Updated last month
- A ProcessMonitor visualization application written in Rust. ☆179 · Updated last year
- Tools for analyzing EDR agents ☆221 · Updated 9 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner. ☆206 · Updated last year
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆308 · Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! ☆82 · Updated last year
- Configuration extractors for malware ☆91 · Updated last month
- Collect Windows telemetry for maldev ☆303 · Updated last month
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆387 · Updated this week
- Python tool to check for rootkits in the Windows kernel ☆193 · Updated last week
- Finding secrets in kernel and user memory ☆115 · Updated last year
- Slides & code snippets for a workshop held at x33fcon 2024 ☆253 · Updated 8 months ago
- ETW-based PoC to identify direct and indirect syscalls ☆180 · Updated last year
- Hijacking valid driver services to load arbitrary (signed) drivers, abusing native symbolic links and NT paths ☆322 · Updated 7 months ago
- A collection of tools and detections for the Sliver C2 framework ☆116 · Updated last year
- A dynamic unpacking tool ☆132 · Updated last year
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆115 · Updated this week
- Use YARA rules on Time Travel Debugging traces ☆89 · Updated last year
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm… ☆105 · Updated last month
- EDRSandblast-GodFault ☆250 · Updated last year