mez-0 / YaraEngine

Related projects: ⓘ

• Hagrid29 / herpaderply_hollowing
  Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
  ☆45Updated last year
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆37Updated last year
• benheise / TitanLdr
  Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
  ☆44Updated 3 years ago
• accidentalrebel / shcode2exe
  Compile shellcode into an exe file from Windows or Linux.
  ☆57Updated 3 years ago
• naksyn / talks
  Repo containing my public talks
  ☆22Updated last year
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆34Updated 2 years ago
• ethereal-vx / Persistence
  Recreating and reviewing the Windows persistence methods
  ☆39Updated 2 years ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆51Updated 2 years ago
• rbmm / Hollowed-Process
  ☆24Updated 5 months ago
• jdu2600 / Etw-SyscallMonitor
  Monitors ETW for security relevant syscalls maintaining the set called by each unique process
  ☆49Updated last year
• APT64 / KernelAVKiller
  Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running.
  ☆6Updated last year
• FuzzySecurity / AdvSim.Compression
  Simple and sane compression wrapper library.
  ☆17Updated last year
• FULLSHADE / DrvLoader
  ☆28Updated this week
• passthehashbrowns / suspendedunhook
  ☆36Updated 3 years ago
• MMitsuha / Tajimari
  the Open Source and Pure C++ Packer for eXecutables
  ☆18Updated last year
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆43Updated 4 months ago
• loneicewolf / KernelMode-Code
  2022 Updated Kernelmode-Code
  ☆29Updated 5 months ago
• loneicewolf / smbdoor
  improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys
  ☆50Updated last year
• RedTeamOperations / VEH-PoC
  ☆97Updated last year
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆22Updated 3 months ago
• SecIdiot / bootdoor
  ☆31Updated this week
• Dump-GUY / Invoke-DetectItEasy
  Invoke-DetectItEasy is a wrapper for excelent tool called Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics.
  ☆23Updated 2 years ago
• Flawww / NtSyscaller
  Manually perform syscalls without going through any external API or DLL.
  ☆16Updated last year
• susMdT / effective-waffle
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69Updated last year
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆61Updated 2 years ago
• jdu2600 / Get-InjectedThreadEx
  Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
  ☆25Updated 11 months ago
• alfarom256 / MCP-PoC
  Minifilter Callback Patching Proof-of-Concept
  ☆59Updated last year
• DGRonpa / Process_Injection
  ☆20Updated 2 years ago
• 7eRoM / elam
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆27Updated 2 years ago
• ihack4falafel / ROR13HashGenerator
  C# implementation to produce ROR-13 numeric hash for given function API name
  ☆31Updated 5 years ago