Small tool to play with IOCs caused by Imageload events
☆44May 14, 2023Updated 2 years ago
Alternatives and similar repositories for Hunt-Weird-ImageLoads
Users that are interested in Hunt-Weird-ImageLoads are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- Manually perform syscalls without going through any external API or DLL.☆19Apr 19, 2023Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆89May 17, 2023Updated 2 years ago
- ☆61Jan 9, 2023Updated 3 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- ☆30Nov 7, 2022Updated 3 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆172May 17, 2023Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- Sliver agent rewritten in C++☆49Sep 4, 2024Updated last year
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Mar 10, 2023Updated 3 years ago
- Repo containing my public talks☆23May 30, 2023Updated 2 years ago
- ☆156Jul 31, 2022Updated 3 years ago
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 2 years ago
- Threadless Process Injection through entry point hijacking☆351Sep 10, 2024Updated last year
- ☆224Oct 22, 2023Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258May 10, 2023Updated 2 years ago
- Simple BOF to read the protection level of a process☆119May 10, 2023Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- ☆164Dec 30, 2022Updated 3 years ago
- Using fibers to run in-memory code.☆243Oct 19, 2023Updated 2 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆225Jul 25, 2023Updated 2 years ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆324Jan 17, 2024Updated 2 years ago
- windows内核安全与驱动开发代码☆12Apr 4, 2020Updated 5 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Oct 31, 2023Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆111Aug 7, 2025Updated 7 months ago
- XOR decrypting shellcode using the GPU with OpenCL.☆121May 22, 2025Updated 10 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- ☆106May 15, 2023Updated 2 years ago
- miscellaneous scripts and programs☆278Jan 23, 2025Updated last year
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 3 years ago
- ☆78Oct 18, 2022Updated 3 years ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…☆16Jun 4, 2025Updated 9 months ago
- ☆123Oct 9, 2023Updated 2 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 6 months ago
- ☆12Jul 2, 2023Updated 2 years ago