mgeeky / PEInfo

Related projects ⓘ

Alternatives and complementary repositories for PEInfo

• rbmm / Noname
  really ?
  ☆12Updated 8 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆37Updated last year
• vineetgaurav / WIN_JELLY
  Windows GPU rootkit PoC by Team Jellyfish
  ☆35Updated 9 years ago
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆24Updated 3 years ago
• DimopoulosElias / Primitives
  ☆31Updated 4 years ago
• pwn1sher / RTImplant
  Just another casual shellcode native loader
  ☆24Updated 2 years ago
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆13Updated 4 months ago
• OffenseTeacher / NimSkrull
  NimSkrull is an adaption from the original Skrull malware anti-copy DRM. Only for the anti-copy feature. (https://github.com/aaaddress1/S…
  ☆12Updated last year
• nickvangilder / To-Safe-Mode-And-Beyond
  A tool for leveraging elevated acess over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into…
  ☆15Updated 3 years ago
• MathildeVenault / TheRestarter
  Released alongside with a talk at REcon 2023, TheRestarter is an interactive command-line tool is designed to interact with the Windows …
  ☆15Updated last year
• rbmm / Hollowed-Process
  ☆25Updated 3 weeks ago
• Flawww / NtSyscaller
  Manually perform syscalls without going through any external API or DLL.
  ☆16Updated last year
• waleedassar / SyscallNumberExtractor
  ☆24Updated 3 years ago
• LethalSnake1337 / PE-Loader-exercise
  A simple PE loader.
  ☆25Updated last year
• freesoul / netstub
  Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.
  ☆15Updated 6 years ago
• klezVirus / DCKFinder
  Dangling COM Keys Finder
  ☆14Updated 2 years ago
• aaaddress1 / masqueradeCmdline
  A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.
  ☆37Updated 3 years ago
• thefLink / Memfiddler
  Executes shellcode from a remote server and aims to evade in-memory scanners
  ☆30Updated 4 years ago
• m8sec / EAPrimer
  C# project to Reflectively load .Net assemblies in memory
  ☆17Updated 4 months ago
• xforcered / AdvSim.Cryptography
  Simple and sane cryptographic wrapper library.
  ☆26Updated last year
• DanusMinimus / API-Hash
  API hashing written in C to load APIs indirectly using CRC32 hashing
  ☆13Updated 4 years ago
• 7eRoM / elam
  A Practical example of ELAM (Early Launch Anti-Malware)
  ☆30Updated 2 years ago
• Idov31 / UdpInspector
  Listing UDP connections with remote address without sniffing.
  ☆30Updated last year
• SolomonSklash / UnhookingPOC
  A small commented POC for removing API hooks placed by AV/EDR.
  ☆33Updated 4 years ago