Small tool to play with IOCs caused by Imageload events
☆44May 14, 2023Updated 2 years ago
Alternatives and similar repositories for Hunt-Weird-ImageLoads
Users that are interested in Hunt-Weird-ImageLoads are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- Manually perform syscalls without going through any external API or DLL.☆19Apr 19, 2023Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆89May 17, 2023Updated 2 years ago
- ☆61Jan 9, 2023Updated 3 years ago
- Deploy open-source AI quickly and easily - Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- ☆113Oct 10, 2022Updated 3 years ago
- ☆30Nov 7, 2022Updated 3 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆243Sep 26, 2023Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆173May 17, 2023Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆310Feb 13, 2023Updated 3 years ago
- Sliver agent rewritten in C++☆49Sep 4, 2024Updated last year
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Mar 10, 2023Updated 3 years ago
- Repo containing my public talks☆23May 30, 2023Updated 2 years ago
- ☆158Jul 31, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 2 years ago
- Threadless Process Injection through entry point hijacking☆352Sep 10, 2024Updated last year
- ☆224Oct 22, 2023Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆261May 10, 2023Updated 2 years ago
- Simple BOF to read the protection level of a process☆119May 10, 2023Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- ☆164Dec 30, 2022Updated 3 years ago
- Using fibers to run in-memory code.☆243Oct 19, 2023Updated 2 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆225Jul 25, 2023Updated 2 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆326Jan 17, 2024Updated 2 years ago
- windows内核安全与驱动开发代码☆12Apr 4, 2020Updated 6 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆68May 2, 2023Updated 2 years ago
- Extension functionality for the NightHawk operator client☆27Oct 31, 2023Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆112Aug 7, 2025Updated 8 months ago
- XOR decrypting shellcode using the GPU with OpenCL.☆122May 22, 2025Updated 10 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- ☆106May 15, 2023Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 3 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…☆16Jun 4, 2025Updated 10 months ago
- ☆124Oct 9, 2023Updated 2 years ago
- miscellaneous scripts and programs☆278Jan 23, 2025Updated last year
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 7 months ago
- A dynamic unpacking tool☆152Sep 17, 2023Updated 2 years ago
- ☆12Jul 2, 2023Updated 2 years ago