Arckmed

Arckmed's Stars

• xenoscr/manual-syscall-detect

  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.

  Language:C++10622

• jackullrich/syscall-detect

  PoC capable of detecting manual syscalls from usermode.

  Language:C++18830

• rwfpl/rewolf-wow64ext

  Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.

  Language:C++953304

• m417z/winbindex

  An index of Windows binaries, including download links for executables such as exe, dll and sys files

  Language:Python62263

• Mixaill/FakePDB

  Tool for PDB generation from IDA Pro database

  Language:C++56262

• Midi12/QueryWorkingSetExample

  Just an example of a well-known technique to detect memory tampering via Windows Working Sets.

  Language:C166

• thefLink/Hunt-Weird-Syscalls

  ETW based POC to identify direct and indirect syscalls

  Language:C++17819

• jdu2600/Etw-SyscallMonitor

  Monitors ETW for security relevant syscalls maintaining the set called by each unique process

  Language:C#688

• microsoft/krabsetw

  KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

  Language:C++622154

• mandiant/capa

  The FLARE team's open-source tool to identify capabilities in executable files.

  Language:Python5k569

• qicosmos/cinatra

  modern c++(c++20), cross-platform, header-only, easy to use http framework

  Language:C++1.9k376

• jonomango/chum

  Binary rewriter for 64-bit PE files.

  Language:C++6712

• atrexus/ws-watcher

  A PoC application that detects unauthorized external access to select memory regions.

  Language:C++11

• dracula/dracula-theme

  🧛🏻‍♂️ One theme. All platforms.

  22.8k2.3k

• gh-nomad/nmd

  set of single-header libraries for C/C++. The code is far from finished but some parts are quite usable.

  Language:C16924

• vmi-rs/vmi

  Modular and extensible library for Virtual Machine Introspection

  Language:Rust696

• wbenny/hvpp

  hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system

  Language:C++1.1k223

• Bareflank/hypervisor

  lightweight hypervisor SDK written in C++ with support for Windows, Linux and UEFI

  Language:C++1.4k210

• tklengyel/drakvuf

  DRAKVUF Black-box Binary Analysis

  Language:C++1.1k257

• mike1k/pepp

  C++ library for parsing and manipulating PE files statically and dynamically.

  Language:C++8723

• hzqst/unicorn_pe

  Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.

  Language:C813200

• donnaskiez/ac

  kernel mode anti cheat

  Language:C495102

• Ahora57/Unabomber

  Improved VMP Idea(detect anti-anti-debug tools by bug)

  Language:C++424

• momo5502/emulator

  🪅 Windows User Space Emulator

  Language:C++78249

• klezVirus/SilentMoonwalk

  PoC Implementation of a fully dynamic call stack spoofer

  Language:C++73597

• RevEngAI/reai-ida

  RevEng.AI IDA Pro Plugin

  Language:Python503

• codecat/ClawSearch

  A memory scanner plugin for x64dbg, inspired by Cheat Engine.

  Language:C27940

• KiFilterFiberContext/microsoft-warbird

  Reimplementation of Microsoft's Warbird obuscator

  Language:C++11211

• hfiref0x/WinObjEx64

  Windows Object Explorer 64-bit

  Language:C1.7k294

• mandiant/speakeasy

  Windows kernel and user mode emulation.

  Language:Python1.6k235