mez-0 / YaraEngine
A C++ Yara Rule Runner
☆13 · Updated 2 years ago
Related projects:
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping ☆45 · Updated last year
- Small tool to play with IOCs caused by Imageload events ☆37 · Updated last year
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆44 · Updated 3 years ago
- Compile shellcode into an exe file from Windows or Linux. ☆57 · Updated 3 years ago
- Repo containing my public talks ☆22 · Updated last year
- API Hammering with C++20 ☆34 · Updated 2 years ago
- Recreating and reviewing the Windows persistence methods ☆39 · Updated 2 years ago
- Piece of code to detect and remove hooks in IAT ☆51 · Updated 2 years ago
- (no description) ☆24 · Updated 5 months ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process ☆49 · Updated last year
- Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running. ☆6 · Updated last year
- Simple and sane compression wrapper library. ☆17 · Updated last year
- (no description) ☆28 · Updated this week
- (no description) ☆36 · Updated 3 years ago
- the Open Source and Pure C++ Packer for eXecutables ☆18 · Updated last year
- Standalone Metasploit-like XOR encoder for shellcode ☆43 · Updated 4 months ago
- 2022 Updated Kernelmode-Code ☆29 · Updated 5 months ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys ☆50 · Updated last year
- (no description) ☆97 · Updated last year
- Research into removing strings & API call references at compile-time (Anti-Analysis) ☆22 · Updated 3 months ago
- (no description) ☆31 · Updated this week
- Invoke-DetectItEasy is a wrapper for the excellent tool called Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics. ☆23 · Updated 2 years ago
- Manually perform syscalls without going through any external API or DLL. ☆16 · Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · Updated last year
- Enable / Disable LSA Protection via BYOVD ☆61 · Updated 2 years ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2 ☆25 · Updated 11 months ago
- Minifilter Callback Patching Proof-of-Concept ☆59 · Updated last year
- (no description) ☆20 · Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆27 · Updated 2 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name ☆31 · Updated 5 years ago