lfontesm / PEB-Walk
☆11 Updated 2 years ago
Related projects:
- ☆17 Updated 3 years ago
- ☆49 Updated this week
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell. ☆65 Updated 3 years ago
- Rite Of Passage ROP Injector ☆33 Updated 5 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples ☆65 Updated 2 years ago
- Process Hollowing Detection on a live system ☆13 Updated 6 years ago
- ☆22 Updated 4 years ago
- PoC for hiding PE exports ☆65 Updated 3 years ago
- Go Lang Portable Executable Parser ☆37 Updated 3 years ago
- PoC for detecting and dumping process hollowing code injection ☆50 Updated 5 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name ☆31 Updated 5 years ago
- A ready-made template for a project based on libpeconv. ☆40 Updated last year
- Clone running process with ZwCreateProcess ☆58 Updated 3 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage) ☆39 Updated last week
- An automatic tool for fixing dumped PE files ☆42 Updated 4 years ago
- UnpacMe IDA Byte Search ☆25 Updated 10 months ago
- Process Injection without R/W target memory and without creating a remote thread ☆19 Updated 2 years ago
- This is a simple driver with x64 inline assembly ☆52 Updated 4 years ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results. ☆31 Updated last year
- ☆21 Updated 3 years ago
- Piece of code to detect and remove hooks in IAT ☆51 Updated 2 years ago
- 2022 Updated Kernelmode-Code ☆29 Updated 5 months ago
- Sysmon shenanigans ☆65 Updated 3 years ago
- NT AUTHORITY\SYSTEM ☆37 Updated 4 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast … ☆39 Updated 4 years ago
- File system minifilter driver for Windows to block symbolic link attacks. ☆51 Updated 3 years ago
- Simple PE Packer Which Encrypts .text Section ☆45 Updated 7 years ago
- Manually perform syscalls without going through any external API or DLL. ☆16 Updated last year
- A tool to help malware analysts tell that the sample is injecting code into other process. ☆73 Updated 9 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv. ☆19 Updated 6 years ago