c0rtado's repositories
ARCInject
Overwrite a process's recovery callback and invoke a crash to execute
BananaPhone
It's a Go variant of Hell's Gate! (directly calling Windows kernel functions, but from Go!)
Detours
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
disable-threat-tracing
Disable threat tracing from the kernel.
EzETW
Cmdlets for capturing Windows Events
FunctionStomping
A new shellcode injection technique. Given as C++ header, standalone Rust program or library.
hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
lpmapper
A mapper that maps shellcode into loaded large page drivers
mal_unpack_drv
MalUnpack companion driver
mcsema
Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
msynth
Code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions
nanodump
A crappy LSASS dumper with no ASCII art
obfuscator
OLLVM, based on llvm-clang 14.x
oss-sydr-fuzz
OSS-Sydr-Fuzz: OSS-Fuzz fork for hybrid fuzzing (fuzzer + DSE) of open source software.
pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
perses
X86 Mutation Engine with Portable Executable compatibility.
pinjectra
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
process_overwriting
Yet another variant of Process Hollowing
Reverse-Engineering
A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.
ScyllaHide
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
secml_malware
Create adversarial attacks against machine learning Windows malware detectors
showstopper
ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
VX-API
Collection of various WINAPI tricks / features used or abused by Malware
windows_hardening
Windows Hardening settings and configurations