Pinned Repositories
alerting-detection-strategy-framework
A framework for developing alerting and detection strategies for incident response.
EmulateMe
Showing how proof-of-work can be used to evade antivirus emulators.
memfuck
A PoC designed to bypass all usermode hooks in a WoW64 environment.
ShellcodeStdio
An extensible framework for easily writing compiler-optimized, position-independent x86 / x64 shellcode for Windows platforms.
syscall-detect
PoC capable of detecting manual syscalls from usermode.
TRunPE
A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.
universal-syscall-64
Resolve syscall numbers at runtime for all Windows versions.
Windows-API-Fuzzer
Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.
jackullrich's Repositories
jackullrich/ShellcodeStdio
An extensible framework for easily writing compiler-optimized, position-independent x86 / x64 shellcode for Windows platforms.
jackullrich/syscall-detect
PoC capable of detecting manual syscalls from usermode.
jackullrich/memfuck
A PoC designed to bypass all usermode hooks in a WoW64 environment.
jackullrich/TRunPE
A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.
jackullrich/Windows-API-Fuzzer
Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.
jackullrich/universal-syscall-64
Resolve syscall numbers at runtime for all Windows versions.
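Added example, not code from universal-syscall-64 (the page does not describe how that repository resolves numbers): one portable way to recover system service numbers at runtime, assumed here to be the address-ordering approach, where the Zw* stubs in x64 ntdll are laid out in ascending SSN order so a stub's number equals its position among the Zw* exports sorted by address. The Export type, the CONSTRUCTED_EXPORTS table (invented RVAs, only their order matters) and resolve_ssn are assumptions made for this illustration so it runs off Windows; a real implementation would walk ntdll's export directory in memory instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One entry of an export table: exported name and its RVA (offset from the image base). */
typedef struct {
    const char *name;
    uint32_t rva;
} Export;

/* Constructed stand-in for part of ntdll's export table, deliberately shuffled
 * and mixed with non-syscall exports. The RVAs are invented; only their relative
 * order matters. NtdllDefWindowProc_A is included to show why the Nt prefix alone
 * is not a reliable syscall filter, while every Zw* export is a syscall stub. */
const Export CONSTRUCTED_EXPORTS[] = {
    { "ZwClose",               0x1D0A0 },
    { "RtlAllocateHeap",       0x21B30 },
    { "ZwReadFile",            0x1D020 },
    { "NtdllDefWindowProc_A",  0x5A100 },
    { "ZwWriteFile",           0x1D060 },
    { "ZwAccessCheck",         0x1CFC0 },
    { "ZwSetEvent",            0x1D080 },
    { "ZwWaitForSingleObject", 0x1CFE0 },
    { "ZwCallbackReturn",      0x1D000 },
    { "ZwDeviceIoControlFile", 0x1D040 },
};
#define CONSTRUCTED_EXPORT_COUNT (sizeof(CONSTRUCTED_EXPORTS) / sizeof(CONSTRUCTED_EXPORTS[0]))

static int has_prefix(const char *s, const char *p) {
    return strncmp(s, p, strlen(p)) == 0;
}

/* Resolve the system service number for an Nt or Zw name.
 * A stub's SSN equals its position when all Zw* exports are sorted by address;
 * counting the Zw* exports with a lower RVA gives that position without sorting.
 * Nt names are mapped to their Zw alias first. Returns -1 when the name is not a
 * syscall stub in the table. Nothing here reads the stub bytes, so an inline hook
 * that overwrote the "mov eax, <ssn>" instruction does not affect the answer. */
int resolve_ssn(const Export *tbl, size_t n, const char *name) {
    char zw[64];
    if (has_prefix(name, "Nt")) {
        snprintf(zw, sizeof zw, "Zw%s", name + 2);
        name = zw;
    }
    if (!has_prefix(name, "Zw")) return -1;

    const Export *target = NULL;
    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].name, name) == 0) { target = &tbl[i]; break; }
    if (!target) return -1;

    int ssn = 0;
    for (size_t i = 0; i < n; i++)
        if (has_prefix(tbl[i].name, "Zw") && tbl[i].rva < target->rva) ssn++;
    return ssn;
}

int main(void) {
    const char *probe[] = { "NtClose", "ZwReadFile", "NtdllDefWindowProc_A", "RtlAllocateHeap" };
    for (size_t i = 0; i < sizeof probe / sizeof probe[0]; i++)
        printf("%-22s -> %d\n", probe[i],
               resolve_ssn(CONSTRUCTED_EXPORTS, CONSTRUCTED_EXPORT_COUNT, probe[i]));
    return 0;
}
```

The ordering assumption is a property of the ntdll build, not a documented contract, so a loader relying on it should sanity-check a few known stubs (for example that ZwClose resolves to a plausible number) before issuing syscalls. From the defensive side, the point of this family of techniques is that the caller never needs ntdll's hooked stub bytes, which is why user-mode inline hooks alone do not see the resulting calls.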
jackullrich/EmulateMe
Showing how proof-of-work can be used to evade antivirus emulators.
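Added example, not code from EmulateMe: a minimal, platform-independent model of proof-of-work as an emulator-evasion step, assumed here to take the form of a bounded brute-force search for the nonce that decrypts the payload. The idea is that an antivirus emulator runs the sample under a fixed instruction or time budget, so a payload that is only recoverable after more work than that budget is never seen in decrypted form by the emulator, while real execution simply takes a little longer. mix64, pow_tag, pow_crypt, pow_solve, the constructed payload and the budget values are illustrative assumptions; the hash is a toy 64-bit bijection, not a real hash function.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define POW_NOT_FOUND UINT64_MAX

/* SplitMix64 finalizer: a cheap, deterministic 64-bit bijection. It stands in for
 * a real hash so the example runs anywhere; it has no cryptographic strength. */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    x ^= x >> 31;
    return x;
}

/* Domain-separated derivations from the secret nonce: a tag the runtime can
 * recognise once it finds the nonce, and a keystream block for the payload. */
uint64_t pow_tag(uint64_t nonce) { return mix64(nonce ^ 0x5441470000000000ULL); }
static uint64_t pow_key_block(uint64_t nonce, uint64_t block) {
    return mix64(mix64(nonce ^ 0x4B45590000000000ULL) + block);
}

/* XOR the buffer with the nonce-derived keystream. Symmetric: seal and unseal are the same call. */
void pow_crypt(uint8_t *buf, size_t len, uint64_t nonce) {
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (uint8_t)(pow_key_block(nonce, i / 8) >> (8 * (i % 8)));
}

/* Runtime side: brute-force nonces from 0 until one reproduces the tag or the
 * iteration budget is exhausted. The real loader passes an unlimited budget; an
 * emulator has a fixed budget and gives up first, so it never observes the
 * decrypted payload. Because mix64 is a bijection, the first match is exactly
 * the nonce used at seal time. */
uint64_t pow_solve(uint64_t tag, uint64_t budget) {
    for (uint64_t n = 0; n < budget; n++)
        if (pow_tag(n) == tag) return n;
    return POW_NOT_FOUND;
}

/* End-to-end scenario on a constructed payload. Returns 1 when an unlimited search
 * recovers the payload and an emulator-sized budget does not. */
int demo_roundtrip(void) {
    const char plain[] = "constructed payload: not a real implant";
    uint8_t buf[sizeof plain];
    const uint64_t secret_nonce = 150000;   /* build-time secret; never stored in the binary */
    memcpy(buf, plain, sizeof plain);
    pow_crypt(buf, sizeof buf, secret_nonce);
    uint64_t tag = pow_tag(secret_nonce);   /* tag and buf are what ships */

    if (pow_solve(tag, 5000) != POW_NOT_FOUND) return 0;   /* emulator-sized budget: gives up */
    uint64_t found = pow_solve(tag, UINT64_MAX);           /* real execution: finds the nonce */
    if (found != secret_nonce) return 0;
    pow_crypt(buf, sizeof buf, found);
    return memcmp(buf, plain, sizeof plain) == 0;
}

int main(void) {
    printf("roundtrip %s\n", demo_roundtrip() ? "ok" : "failed");
    return 0;
}
```

The work factor is tuned by the size of the secret nonce, so the author trades startup delay on a real host against the emulator's budget. Two practitioner caveats: a tight compute loop with no API activity before anything observable happens is itself a signal that static heuristics and sandboxes can score on, and any sandbox that executes for longer than the work factor, or a defender who simply runs the sample, still sees the payload.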
jackullrich/alerting-detection-strategy-framework
A framework for developing alerting and detection strategies for incident response.
jackullrich/Seatbelt
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
jackullrich/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters