Small tool to play with IOCs caused by Imageload events
☆44 · May 14, 2023 · Updated 2 years ago
Alternatives and similar repositories for Hunt-Weird-ImageLoads
Users that are interested in Hunt-Weird-ImageLoads are comparing it to the libraries listed below
- ETW based POC to identify direct and indirect syscalls ☆189 · Apr 19, 2023 · Updated 2 years ago
- ☆60 · Jan 9, 2023 · Updated 3 years ago
- ☆113 · Oct 10, 2022 · Updated 3 years ago
- idk man this was the default github name ☆35 · Apr 23, 2023 · Updated 2 years ago
- ☆30 · Nov 7, 2022 · Updated 3 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆242 · Sep 26, 2023 · Updated 2 years ago
- Manually perform syscalls without going through any external API or DLL. ☆19 · Apr 19, 2023 · Updated 2 years ago
- ☆223 · Oct 22, 2023 · Updated 2 years ago
- Simple BOF to read the protection level of a process ☆118 · May 10, 2023 · Updated 2 years ago
- Scan strings or files for malware using the Windows Antimalware Scan Interface ☆30 · Mar 24, 2023 · Updated 2 years ago
- Threadless Process Injection through entry point hijacking ☆350 · Sep 10, 2024 · Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process ☆88 · May 17, 2023 · Updated 2 years ago
- Sliver agent rewritten in C++ ☆49 · Sep 4, 2024 · Updated last year
- Implementation of Advanced Module Stomping and Heap/Stack Encryption ☆225 · Jul 25, 2023 · Updated 2 years ago
- ☆153 · Jul 31, 2022 · Updated 3 years ago
- A Poc on blocking Procmon from monitoring network events ☆110 · Aug 7, 2025 · Updated 6 months ago
- ☆12 · Jul 2, 2023 · Updated 2 years ago
- Threadless Injection Payload Toolkit ☆12 · Oct 12, 2023 · Updated 2 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-… ☆16 · Jun 4, 2025 · Updated 8 months ago
- Code with Windows Hacker ☆12 · Oct 14, 2022 · Updated 3 years ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆324 · Jan 17, 2024 · Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers. ☆309 · Feb 13, 2023 · Updated 3 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆169 · May 17, 2023 · Updated 2 years ago
- miscellaneous scripts and programs ☆277 · Jan 23, 2025 · Updated last year
- ☆164 · Dec 30, 2022 · Updated 3 years ago
- Repo containing my public talks ☆23 · May 30, 2023 · Updated 2 years ago
- Just another casual shellcode native loader ☆25 · Feb 3, 2022 · Updated 4 years ago
- ☆23 · May 28, 2021 · Updated 4 years ago
- Using fibers to run in-memory code. ☆242 · Oct 19, 2023 · Updated 2 years ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis. ☆15 · Feb 29, 2024 · Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows. ☆140 · Sep 12, 2022 · Updated 3 years ago
- ☆106 · May 15, 2023 · Updated 2 years ago
- BYOVD collection ☆24 · Mar 20, 2024 · Updated last year
- ☆123 · Oct 9, 2023 · Updated 2 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆65 · Dec 16, 2023 · Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider ☆258 · May 10, 2023 · Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆145 · May 18, 2024 · Updated last year
- Extension functionality for the NightHawk operator client ☆26 · Oct 31, 2023 · Updated 2 years ago
- Cobalt Strike BOF ☆43 · Dec 10, 2025 · Updated 2 months ago