serializingme / emofishesLinks
Emofishes is a collection of proof-of-concepts that help improve, bypass or detect virtualized execution environments (focusing on the ones setup for malware analysis).
☆15Updated 2 years ago
Alternatives and similar repositories for emofishes
Users that are interested in emofishes are comparing it to the libraries listed below
Sorting:
- Environmental (and http) keying for scripting languages☆39Updated 6 years ago
- A simple reflective dll example☆19Updated 8 years ago
- This script is used for extracting DDE in docx and xlsx☆12Updated 7 years ago
- Fileless SQL Server CLR-based Custom Stored Procedure Command Execution☆35Updated 8 years ago
- POC for IAT Parsing Payloads☆48Updated 8 years ago
- Tools to enumerate Windows Firewall Hook Drivers on Windows 2000, XP and 2003☆20Updated 10 years ago
- Mimikatz HashClash☆12Updated 10 years ago
- Python based module to find common vulnerabilities which lead to Windows privilege escalation☆32Updated 8 years ago
- \ PowerAvails Powershell /☆12Updated 6 years ago
- Various snippets created during malware analysis☆22Updated 7 years ago
- ☆17Updated 9 years ago
- ☆19Updated 8 years ago
- Talk given at DerbyCon and RuxCon 2016☆22Updated 8 years ago
- Work Fast With the pattern matching swiss knife for malware researchers.☆38Updated 9 years ago
- Mixing up CVE and MS like a pro☆25Updated 8 years ago
- ☆18Updated 7 years ago
- A set of compiled application restriction bypasses☆29Updated 8 years ago
- Comprehensive Pivoting Framework☆20Updated 8 years ago
- Network detector for Winnti malware☆20Updated 7 years ago
- Carve Windows Prefetch files from arbitrary binary data☆14Updated 7 years ago
- Making shellcode UD - https://osandamalith.com☆24Updated 8 years ago
- IDA Pro plugin that rename functions on load, based on functionality☆19Updated 7 years ago
- Test suite for bypassing Malware sandboxes.☆39Updated 10 years ago
- McAfee ePolicy 0wner exploit code☆46Updated 6 years ago
- A tool to generate yara signatures from function blocks☆19Updated 10 years ago
- Shows command lines used by latest instances analyzed on Hybrid-Analysis☆43Updated 6 years ago
- PowerShell Empire module for logging USB keystrokes via ETW☆31Updated 8 years ago
- Squirtle the Browser-based NTLM Attack Toolkit☆17Updated 10 years ago
- Crack your macros like the math pros.☆33Updated 8 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.☆45Updated 8 years ago