waldo-irc / MalMemDetect
Detect strange memory regions and DLLs
☆166, updated 2 years ago
Related projects:
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code. ☆98, updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep. ☆136, updated 3 years ago
- Evasive Process Hollowing Techniques. ☆132, updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory. ☆154, updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space. ☆120, updated last year
- Infect Shared Files In Memory for Lateral Movement. ☆191, updated last year
- It's pointy and it hurts! ☆120, updated last year
- A PoC on blocking Procmon from monitoring network events. ☆96, updated 2 years ago
- Deleting Shadow Copies In Pure C++. ☆111, updated last year
- Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, from a remote server (fileless). ☆171, updated last year
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM. ☆160, updated last year
- POC for frustrating/defeating Malware Analysts. ☆149, updated 2 years ago
- WTSRM. ☆198, updated 2 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting. ☆180, updated 2 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17). ☆131, updated last year
- Hiding shellcode in plain sight within a large memory region. Inspired by the technique used by Raspberry Robin's Roshtyak. ☆163, updated last year
- Overwrite a process's recovery callback and execute with WER. ☆100, updated 2 years ago
- ETW based POC to identify direct and indirect syscalls. ☆170, updated last year
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading. ☆82, updated last year
- Finding secrets in kernel and user memory. ☆112, updated last year
- Do some DLL SideLoading magic. ☆72, updated last year