pandaadir05 / ghost
Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI and TUI interfaces.
☆267 Updated last month
Alternatives and similar repositories for ghost
Users that are interested in ghost are comparing it to the libraries listed below
- SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and up… ☆260 Updated 4 months ago
- Keklick - C2 Hunting, Reporting and Visualization Tool ☆63 Updated 6 months ago
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs ☆105 Updated 5 months ago
- A YARA rule generator ☆60 Updated 3 weeks ago
- Generate backdoored RSA keys using SETUP ☆230 Updated 2 months ago
- NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. ☆93 Updated 2 months ago
- EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running. ☆180 Updated 3 weeks ago
- Backdooring VSCode Projects ☆124 Updated 7 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆160 Updated 5 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code. ☆131 Updated 9 months ago
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging ☆203 Updated 10 months ago
- Execute shellcode via ASPNET compiler ☆60 Updated 4 months ago
- Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supporte… ☆208 Updated 4 months ago
- Obex – Blocking unwanted DLLs in user mode ☆280 Updated 4 months ago
- AV/EDR processes termination by exploiting a vulnerable driver (BYOVD) ☆176 Updated 2 weeks ago
- Enumerate active EDRs on the system ☆150 Updated 4 months ago
- .NET tool used to enrich RPC telemetry ☆101 Updated last week
- A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion. ☆65 Updated 5 months ago
- APT Emulation tool to exfiltrate sensitive .docx, .pptx, .xlsx, .pdf files ☆97 Updated 10 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress. ☆81 Updated 7 months ago
- This is a practice VM for malware development ☆179 Updated 2 months ago
- Malware traffic obfuscation library ☆38 Updated 6 months ago
- PoC that downloads an executable from a public SSL certificate ☆136 Updated 6 months ago
- This Python-based GUI application allows you to track the latest security vulnerabilities (CVEs) using the ☆41 Updated 10 months ago
- A professional Red Team / Pentest tool for assessing the external perimeter of a company in a complete "black box" mode (zero knowledge, … ☆29 Updated 2 months ago
- Ebyte-Go-Morpher is a Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates … ☆121 Updated 6 months ago
- Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters. ☆46 Updated 5 months ago
- Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) ☆69 Updated 8 months ago
- SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connecti… ☆432 Updated 3 months ago
- Chameleon is a polymorphic engine for x86_64 position independent shellcode that has been created out of the need to evade signature-base… ☆47 Updated 4 months ago