waldo-irc / MalMemDetect
Detect strange memory regions and DLLs
☆180Updated 3 years ago
Alternatives and similar repositories for MalMemDetect:
Users that are interested in MalMemDetect are comparing it to the libraries listed below
- Experiment on reproducing Obfuscate & Sleep☆142Updated 4 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆122Updated 2 years ago
- ☆95Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆181Updated last year
- ☆133Updated last year
- ☆135Updated 2 years ago
- EDRSandblast-GodFault☆257Updated last year
- Deleting Shadow Copies In Pure C++☆114Updated 2 years ago
- ☆112Updated 2 years ago
- A basic emulation of an "RPC Backdoor"☆239Updated 2 years ago
- Exploitation of process killer drivers☆197Updated last year
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆165Updated last year
- Building and Executing Position Independent Shellcode from Object Files in Memory☆157Updated 4 years ago
- It's pointy and it hurts!☆124Updated 2 years ago
- Beacon Object File Loader☆283Updated last year
- The code is a pingback to the Dark Vortex blog:☆174Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆71Updated 3 years ago
- ☆112Updated 2 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆186Updated last year
- A Poc on blocking Procmon from monitoring network events☆100Updated 2 years ago
- Infect Shared Files In Memory for Lateral Movement☆194Updated 2 years ago
- POC for frustrating/defeating Malware Analysts☆154Updated 2 years ago
- CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM☆164Updated 2 years ago
- WTSRM☆209Updated 2 years ago
- Evasive Process Hollowing Techniques☆137Updated 4 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).☆138Updated 2 years ago
- ☆162Updated 3 years ago
- Finding secrets in kernel and user memory☆115Updated last year
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆99Updated 2 years ago
- ☆78Updated last year