lfontesm's Stars
cuckoosandbox/cuckoo
Cuckoo Sandbox is an automated dynamic malware analysis system
microsoft/Detours
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
TsudaKageyu/minhook
The Minimalistic x86/x64 API Hooking Library for Windows
TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
mandiant/speakeasy
Windows kernel and user mode emulation.
corkami/pocs
Proof of Concepts (PE, PDF...)
m0n0ph1/Process-Hollowing
Great explanation of Process Hollowing (a Technique often used in Malware)
kubo/funchook
Hook function calls by inserting jump instructions at runtime
binref/refinery
High Octane Triage Analysis
hakril/PythonForWindows
A codebase aimed to make interaction with Windows and native execution easier
CERT-Polska/mwdb-core
Malware repository component for samples & static configuration with REST API interface.
saferwall/pe
A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
MiroKaku/libwsk
The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).
passthehashbrowns/hiding-your-syscalls
Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.
CCob/SylantStrike
Simple EDR implementation to demonstrate bypass
ctxis/DLLHSC
DLLHSC - DLL Hijack SCanner, a tool to assist with the discovery of suitable candidates for DLL Hijacking
CAS-Atlantic/AArch64-Encoding
AArch64 Instructions, Opcodes and Binary Encoding
ayoul3/reflect-pe
Reflectively load PE
MalwareTech/BasicHook
x86 Inline hooking engine (using trampolines)
EspressoCake/DLL_Imports_BOF
A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.
riskydissonance/SyscallsExample
Simple project using syscalls (via Syswhispers2) to execute MessageBox shellcode.
SECFORCE/DLL-Hollow-PoC
DLL Hollowing PoC - Remote and Self shellcode injection
Cobalt-Strike/ProxyDLLExample
code for the Proxy DLL example blog post
malcomvetter/WMIProcessWatcher
An example pattern in C# for using WMI to monitor process creation and termination events.
OxMarco/darwinian-virus
Project aimed at creating a malware able to evolve and adapt to the various host machines through metamorphic modifications, spontaneous mutations, code imitation and DNA programming to enable/disable functionalities
vaginessa/Windows-Crypter-Collection
A collection of crypters, binders, mailers, etc. for M$ Windows
Grazfather/pwndock
A pwning environment, now on docker!
MiroKaku/hde-mirro
Hacker Disassembler Engine - mirro
guided-hacking/GuidedHacking-Injector
The BEST DLL Injector Library.
WBGlIl/AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks