lfontesm / PEB-WalkLinks
☆12Updated 3 years ago
Alternatives and similar repositories for PEB-Walk
Users that are interested in PEB-Walk are comparing it to the libraries listed below
Sorting:
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆71Updated 4 years ago
- Go Lang Portable Executable Parser☆39Updated 4 years ago
- An automatic tool for fixing dumped PE files☆41Updated 4 years ago
- TrashDBG the world's worse debugger☆23Updated 3 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆60Updated 6 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆70Updated 3 years ago
- Simple project using syscalls (via Syswhispers2) to execute MessageBox shellcode.☆75Updated 3 years ago
- ☆31Updated 3 years ago
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- ☆20Updated last month
- PoC for hiding PE exports☆67Updated 4 years ago
- ☆71Updated last year
- MalUnpack companion driver☆98Updated last year
- Set of antianalysis techniques found in malware☆132Updated last year
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆92Updated 3 years ago
- Write-ups for FireEye's FLARE-On challenges☆25Updated 5 years ago
- Windows API Hashes used in the malwares☆42Updated 9 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆41Updated 5 years ago
- API Logger for Windows Executables☆78Updated 4 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆75Updated 11 months ago
- Writeups for CTF challenges☆31Updated last year
- WIP Emotet Control Flow Unflattening using miasm and radare2☆23Updated 2 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 4 years ago
- Process Hollowing Detection on a live system☆13Updated 7 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆65Updated 7 years ago
- IDA plugin for quickly copying disassembly as encoded hex bytes☆62Updated 3 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆32Updated 6 years ago
- ☆161Updated 3 years ago
- Memory Loader Open Source Project by Sentinel-Labs.☆24Updated 4 years ago
- UnpacMe IDA Byte Search☆28Updated last year