reecdeep / hollowiseLinks
Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis tool from malware detection
☆36Updated 4 months ago
Alternatives and similar repositories for hollowise
Users that are interested in hollowise are comparing it to the libraries listed below
Sorting:
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆19Updated 5 months ago
- ☆20Updated last year
- Lena's scripts/code/resources for malware analysis☆27Updated last year
- a tiny program to consume from ETW providers for research☆49Updated 5 months ago
- Situational Awareness script to identify how and where to run implants☆52Updated 6 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated 11 months ago
- ☆27Updated 6 months ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆41Updated 9 months ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆52Updated last year
- Ghosting-AMSI☆17Updated last month
- Vibe Malware Triage - MCP server for static PE analysis.☆63Updated last month
- ☆24Updated 4 months ago
- ☆37Updated last year
- ☆107Updated 7 months ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆80Updated 9 months ago
- Work in progress experiments with reverse shells, AV bypass and extraction of secrets from memory in C☆39Updated 5 years ago
- Repo containing my public talks☆23Updated 2 years ago
- MITRE TTPs derived from Conti's leaked playbooks from XSS.IS☆38Updated 3 years ago
- quASAR: ASAR manipulation made easy☆38Updated 2 years ago
- Windows Shell Link (LNK) Proof of Concept☆15Updated 3 weeks ago
- ☆48Updated 2 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated 10 months ago
- ☆75Updated 10 months ago
- Golang bindings for PE-sieve☆43Updated last year
- Mythic C2 wrapper for NimSyscallPacker☆25Updated 3 months ago
- A pure C version of SymProcAddress☆27Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆83Updated last year
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆82Updated last year
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 2 years ago
- IAT Unhooking proof-of-concept☆29Updated last year