nsacyber / Driver-Collider
Blocks drivers from loading by using a name collision technique. #nsacyber
☆44Updated 6 years ago
Related projects: ⓘ
- ☆21Updated 3 years ago
- ☆58Updated this week
- A tool to help malware analysts tell that the sample is injecting code into other process.☆73Updated 9 years ago
- Windows Drivers☆95Updated 5 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- [F]aster [U]niversal [U]npacker☆44Updated 11 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆25Updated 6 years ago
- AutoIt Analysis Library: Parser & Emulator For Malware Researchers☆16Updated 5 years ago
- ☆45Updated 6 years ago
- Plugin for x64dbg to generate Yara rules from function basic blocks.☆34Updated 7 years ago
- Demos and presentation from SECArmy Village Grayhat 2020☆36Updated last year
- All TMF files that I extracted from Microsoft PDBs.☆12Updated 5 years ago
- Blog posts☆30Updated 4 years ago
- Parse Microsoft shim databases☆28Updated 2 weeks ago
- ☆33Updated 6 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆91Updated 3 years ago
- Scripts to prepare Windows system for debugging.☆29Updated 3 years ago
- Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis☆43Updated 7 years ago
- A ready-made template for a project based on libpeconv.☆40Updated last year
- PoC for detecting and dumping process hollowing code injection☆50Updated 5 years ago
- CAPE monitor DLLs☆38Updated 4 years ago
- IDAPython scripts☆15Updated 7 years ago
- Sysmon shenanigans☆65Updated 3 years ago
- Dump Windows PE file information in C☆22Updated 9 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆57Updated 3 weeks ago
- ☆21Updated 8 years ago
- Parsers for custom malware formats ("Funky malware formats")☆92Updated 2 years ago
- ☆50Updated 8 years ago
- Windows x64 Process Scanner to detect application compatability shims☆37Updated 5 years ago