nsacyber / Driver-Collider

Related projects: ⓘ

• hasherezade / tag_converter
  ☆21Updated 3 years ago
• vxunderground / Vx-Engines
  ☆58Updated this week
• tandasat / RemoteWriteMonitor
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆73Updated 9 years ago
• SouhailHammou / Drivers
  Windows Drivers
  ☆95Updated 5 years ago
• hasherezade / loaderine
  A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
  ☆19Updated 6 years ago
• BreakingMalwareResearch / CFGExceptions
  Adding exceptions to Microsoft's Control Flow Guard (CFG)
  ☆58Updated 8 years ago
• crackinglandia / fuu
  [F]aster [U]niversal [U]npacker
  ☆44Updated 11 years ago
• own2pwn / r0ak
  r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
  ☆25Updated 6 years ago
• repnz / autoit-analysis
  AutoIt Analysis Library: Parser & Emulator For Malware Researchers
  ☆16Updated 5 years ago
• deroko / SPPLUAObjectUacBypass
  ☆45Updated 6 years ago
• mrexodia / YaraGen
  Plugin for x64dbg to generate Yara rules from function basic blocks.
  ☆34Updated 7 years ago
• zodiacon / NativeApps
  Demos and presentation from SECArmy Village Grayhat 2020
  ☆36Updated last year
• mattifestation / MSFTTraceMessageFormat
  All TMF files that I extracted from Microsoft PDBs.
  ☆12Updated 5 years ago
• zodiacon / Blog
  Blog posts
  ☆30Updated 4 years ago
• EricZimmerman / SDB
  Parse Microsoft shim databases
  ☆28Updated 2 weeks ago
• deroko / activationcontexthook
  ☆33Updated 6 years ago
• hasherezade / process_chameleon
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆91Updated 3 years ago
• AndreyBazhan / DbgPkg
  Scripts to prepare Windows system for debugging.
  ☆29Updated 3 years ago
• marcusbotacin / Anti.Analysis
  Malware Analysis, Anti-Analysis, and Anti-Anti-Analysis
  ☆43Updated 7 years ago
• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆40Updated last year
• NtRaiseHardError / UnRunPE
  PoC for detecting and dumping process hollowing code injection
  ☆50Updated 5 years ago
• ctxis / capemon
  CAPE monitor DLLs
  ☆38Updated 4 years ago
• mr-tz / idapython
  IDAPython scripts
  ☆15Updated 7 years ago
• NtRaiseHardError / Sysmon
  Sysmon shenanigans
  ☆65Updated 3 years ago
• maldevel / PEdumper
  Dump Windows PE file information in C
  ☆22Updated 9 years ago
• hasherezade / pin_n_sieve
  An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
  ☆57Updated 3 weeks ago
• secabstraction / PowerWalker
  ☆21Updated 8 years ago
• hasherezade / funky_malware_formats
  Parsers for custom malware formats ("Funky malware formats")
  ☆92Updated 2 years ago
• BreakingMalwareResearch / Captain-Hook
  ☆50Updated 8 years ago
• securesean / Shim-Process-Scanner
  Windows x64 Process Scanner to detect application compatability shims
  ☆37Updated 5 years ago