mgeeky / msidumpLinks
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
☆210Updated 2 years ago
Alternatives and similar repositories for msidump
Users that are interested in msidump are comparing it to the libraries listed below
Sorting:
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆311Updated last year
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆330Updated 10 months ago
- A ProcessMonitor visualization application written in rust.☆180Updated last year
- ☆119Updated last year
- ☆299Updated 7 months ago
- Simple EDR implementation to demonstrate bypass☆173Updated 5 years ago
- Kill AV/EDR leveraging BYOVD attack☆359Updated last year
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆167Updated 2 months ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows☆215Updated 2 years ago
- A collection of tools and detections for the Sliver C2 Frameworj☆126Updated 2 years ago
- Finding secrets in kernel and user memory☆116Updated last year
- Beacon Object File Loader☆287Updated last year
- Aims to identify sleeping beacons☆596Updated 5 months ago
- EDRSandblast-GodFault☆265Updated last year
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆305Updated last year
- RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows☆7Updated 3 years ago
- ☆113Updated 3 years ago
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆322Updated 2 years ago
- Run Your Payload Without Running Your Payload☆182Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆185Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆154Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆341Updated 3 months ago
- Evasion Escaper is a project aimed at evading the checks that malicious software performs to detect if it's running in a virtual environm…☆106Updated 3 months ago
- Detect strange memory regions and DLLs☆183Updated 3 years ago
- Dump the memory of any PPL with a Userland exploit chain☆333Updated 2 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆167Updated last year
- Unprotect is a collaborative platform dedicated to uncovering and documenting malware evasion techniques. We invite you to join us in thi…☆165Updated 2 months ago
- WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement☆367Updated 3 years ago
- ☆378Updated 2 years ago
- A Visual Studio template used to create Cobalt Strike BOFs☆305Updated 3 years ago