pandaadir05 / ghost
Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI and TUI interfaces.
☆220 Updated this week
Alternatives and similar repositories for ghost
Users that are interested in ghost are comparing it to the libraries listed below
- SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up… ☆259 Updated 2 months ago
- Keklick - C2 Hunting, Reporting and Visualization Tool ☆64 Updated 4 months ago
- Generate backdoored RSA keys using SETUP ☆208 Updated 2 weeks ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs ☆99 Updated 3 months ago
- .NET tool used to enrich RPC telemetry ☆101 Updated 6 months ago
- Enumerate active EDRs on the system ☆146 Updated 2 months ago
- Convert your shellcode into an ASCII string ☆125 Updated 5 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique. ☆54 Updated 7 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆157 Updated 3 months ago
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging ☆203 Updated 9 months ago
- APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files ☆94 Updated 8 months ago
- Execute shellcode via ASPNET compiler ☆58 Updated 2 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress. ☆81 Updated 5 months ago
- Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supporte… ☆204 Updated 3 months ago
- Remote DLL Injection with Timer-based Shellcode Execution ☆152 Updated 5 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code. ☆130 Updated 8 months ago
- Ebyte-Go-Morpher is a Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates … ☆120 Updated 5 months ago
- PoC that downloads an executable from a public SSL certificate ☆136 Updated 4 months ago
- Shellcode encryptor using a substitution cipher with a randomly generated key. ☆142 Updated 11 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook… ☆58 Updated 2 months ago
- Obex – Blocking unwanted DLLs in user mode ☆276 Updated 3 months ago
- The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments. ☆352 Updated last week
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By… ☆154 Updated 3 weeks ago
- Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters. ☆47 Updated 4 months ago
- NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. ☆86 Updated last month
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf… ☆61 Updated 7 months ago
- UAC Bypass using CMSTP in Rust ☆33 Updated last year
- Using Chromium-based browsers as a proxy for C2 traffic. ☆116 Updated 2 weeks ago