psmitty7373 / eif
Evil Reflective DLL Injection Finder
☆45Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for eif
- a program to detect reflective dll injection on a live machine☆74Updated 8 years ago
- Shim database persistence (Fin7 TTP)☆35Updated 4 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 7 years ago
- Reflective Polymorphism☆104Updated 6 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆106Updated 3 years ago
- POSHSPY backdoor code☆43Updated 7 years ago
- Tool for injecting a "TCP Relay" managed assembly into an unmanaged process☆63Updated 5 years ago
- Mario & Luigi - Tools for sniffing Windows Named Pipes communication☆129Updated 7 years ago
- ☆21Updated 8 years ago
- A slightly stripped down version of RID (an exercise in learning python C-Types...some of it is a little rushed/sloppy) and a stripped do…☆52Updated 12 years ago
- Tool for injecting a "TCP Relay" managed assembly into unmanaged processes☆116Updated 5 years ago
- Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process E…☆35Updated 8 years ago
- A C++ POC for process injection using NtCreateSectrion, NtMapViewOfSection and RtlCreateUserThread. Credit to @spotheplanet for his notes…☆42Updated 3 years ago
- A repository of some of my Windows 10 Device Guard Bypasses☆133Updated 7 years ago
- ☆51Updated 7 years ago
- Windows Drivers☆95Updated 5 years ago
- few months old but better than nothing☆58Updated 2 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆73Updated 10 years ago
- Randomly changes Win32/64 PE Files for 'safer' uploading to malware and sandbox sites.☆130Updated 11 years ago
- InsecurePowerShell is PowerShell with some security features removed.☆101Updated 6 years ago
- Process reimaging proof of concept code☆95Updated 5 years ago
- DLL Injection Library & Tools☆70Updated 8 years ago
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.☆93Updated 6 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆155Updated 5 years ago
- ☆26Updated last year
- Sysmon shenanigans☆65Updated 4 years ago
- Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes☆60Updated 7 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆92Updated 3 years ago
- A collection of tools to enumerate and analyse Windows DACLs☆106Updated 9 years ago