MemProcFS
☆4,015Updated this week
Alternatives and similar repositories for MemProcFS
Users that are interested in MemProcFS are comparing it to the libraries listed below
Sorting:
- LeechCore - Physical Memory Acquisition Library & The LeechAgent Remote Memory Acquisition Agent☆847Feb 14, 2026Updated 2 weeks ago
- Direct Memory Access (DMA) Attack Software☆7,460Feb 14, 2026Updated 2 weeks ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆696Oct 22, 2025Updated 4 months ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,562Oct 31, 2025Updated 4 months ago
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,313Oct 31, 2025Updated 4 months ago
- State-of-the-art native debugging tools☆3,654Updated this week
- Kernel Driver Utility☆2,422Feb 17, 2026Updated last week
- Simple (relatively) things allowing you to dig a bit deeper than usual.☆3,483Feb 16, 2026Updated last week
- The multi-platform memory acquisition tool.☆946Oct 14, 2025Updated 4 months ago
- Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.☆6,861Feb 1, 2026Updated last month
- Rapidly Search and Hunt through Windows Forensic Artefacts☆3,452Feb 14, 2026Updated 2 weeks ago
- Hook system calls, context switches, page faults and more.☆2,637May 9, 2023Updated 2 years ago
- Disable PatchGuard and Driver Signature Enforcement at boot time☆2,254Aug 3, 2025Updated 6 months ago
- A Pin Tool for tracing API calls etc☆1,620Feb 8, 2026Updated 3 weeks ago
- FPGA modules used together with the PCILeech Direct Memory Access (DMA) Attack Software☆1,666Feb 14, 2026Updated 2 weeks ago
- Windows kernel and user mode emulation.☆1,860Updated this week
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,278Feb 14, 2026Updated 2 weeks ago
- The FLARE team's open-source tool to identify capabilities in executable files.☆5,844Updated this week
- AV/EDR evasion via direct system calls.☆1,990Jan 1, 2023Updated 3 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆4,462Jul 8, 2025Updated 7 months ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,270May 1, 2024Updated last year
- Windows Object Explorer 64-bit☆1,886Feb 10, 2026Updated 2 weeks ago
- Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode☆2,503Nov 15, 2023Updated 2 years ago
- ☆2,168Feb 21, 2023Updated 3 years ago
- Defeating Windows User Account Control☆7,377Feb 17, 2026Updated last week
- Converts PE into a shellcode☆2,745Aug 30, 2025Updated 6 months ago
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago
- Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.☆3,037Updated this week
- Windows memory hacking library☆5,346Jan 26, 2024Updated 2 years ago
- Living Off The Land Drivers☆1,418Feb 12, 2026Updated 2 weeks ago
- AV/EDR evasion via direct system calls.☆1,793Sep 3, 2022Updated 3 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆902Nov 21, 2019Updated 6 years ago
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,897Updated this week
- Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…☆1,196Jun 17, 2022Updated 3 years ago
- Open-Source Shellcode & PE Packer☆2,069Feb 3, 2024Updated 2 years ago
- LSASS memory dumper using direct system calls and API unhooking.☆1,577Jan 5, 2021Updated 5 years ago
- Volatility 3.0 development☆3,931Feb 20, 2026Updated last week
- ☆1,787Aug 30, 2024Updated last year
- Utilities for Sysmon☆1,574Sep 21, 2025Updated 5 months ago