Damn Vulnerable NodeJS Application
SharpBlock by CCob
A method of bypassing EDR's active projection DLL's by preventing entry point execution
C# 856 Updated: 2 y ago License: No License (No License)
ThreatPursuit-VM by fireeye
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
PowerShell 855 Updated: 3 y ago License: Proprietary (Proprietary)
ProcessInjection by 3xpl01tc0d3r
This program is designed to demonstrate various process injection techniques
C# 852 Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
crits by crits
CRITs - Collaborative Research Into Threats
JavaScript 843 Updated: 2 y ago License: Proprietary (Proprietary)
SharpRDP by 0xthirteen
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
C# 821 Updated: 2 y ago License: Permissive (BSD-3-Clause)
whatfiles by spieglt
Log what files are accessed by any Linux process
C 807 Updated: 3 y ago License: Strong Copyleft (GPL-3.0)
CobaltStrikeScan by Apr4h
Scan files or process memory for CobaltStrike beacons and parse their configuration
C# 802 Updated: 2 y ago License: Permissive (MIT)
obfuscated-gradients by anishathalye
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
Jupyter Notebook 798 Updated: 3 y ago License: No License (No License)
SuperDllHijack by anhkgg
SuperDllHijack: A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! A general DLL hijacking technique that no longer requires manually exporting the DLL's function interface.
C++ 784 Updated: 2 y ago License: Permissive (Apache-2.0)
car by mitre-attack
Cyber Analytics Repository
Python 781 Updated: 1 y ago License: Permissive (Apache-2.0)
secDevLabs by globocom
A laboratory for learning secure web and mobile development in a practical manner.
PHP 775 Updated: 1 y ago License: Permissive (BSD-3-Clause)
demos by hasherezade
Demos of various injection techniques found in malware
C 763 Updated: 2 y ago License: Permissive (BSD-2-Clause)
wanakiwi by gentilkiwi
Automated wanadecrypt with key recovery if lucky
C 761 Updated: 3 y ago License: No License (No License)
proxychains-windows by shunf4
Windows and Cygwin port of proxychains, based on MinHook and DLL Injection
C 740 Updated: 2 y ago License: Strong Copyleft (GPL-2.0)
RegExp by zodiacon
Registry Explorer - enhanced Registry editor/viewer
C++ 737 Updated: 3 y ago License: Permissive (MIT)
iris-web by dfir-iris
Collaborative Incident Response platform
JavaScript 720 Updated: 2 y ago License: Weak Copyleft (LGPL-3.0)
Watcher by thalesgroup-cert
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Python 709 Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)
parsedmarc by domainaware
A Python package and CLI for parsing aggregate and forensic DMARC reports
Python 708 Updated: 2 y ago License: Permissive (Apache-2.0)
GH-Injector-Library by Broihon
A feature rich DLL injection library.
C++ 698 Updated: 1 y ago License: No License (No License)
dlinject by DavidBuchanan314
Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace
Python 684 Updated: 2 y ago License: Permissive (MIT)
fame by certsocietegenerale
FAME Automates Malware Evaluation
Python 681 Updated: 3 y ago License: Strong Copyleft (GPL-3.0)
AzureHunter by darkquasar
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
PowerShell 678 Updated: 1 y ago License: Permissive (MIT)
TangledWinExec by daem0nc0re
PoCs and tools for investigation of Windows process execution techniques
C# 678 Updated: 2 y ago License: Permissive (BSD-3-Clause)
redteam by d0nkeys
Red Team Scripts by d0nkeys (ex SnadoTeam)
PowerShell 663 Updated: 2 y ago License: Permissive (MIT)
atom-bombing by BreakingMalwareResearch
Brand New Code Injection for Windows
C++ 654 Updated: 3 y ago License: No License (No License)
EU4dll by matanki-saito
Europa Universalis IV double byte language patch; master:1.34.2, dev:1.35.1
C++ 636 Updated: 2 y ago License: Permissive (MIT)
diffy by Netflix-Skunkworks
Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Python 631 Updated: 2 y ago License: Permissive (Apache-2.0)
Ultimate-ASI-Loader by ThirteenAG
ASI Loader is the tool that loads custom libraries with the file extension .asi into any game process.
C++ 631 Updated: 1 y ago License: Permissive (MIT)
Injectors by rootm0s
💉 DLL/Shellcode injection techniques
C++ 616 Updated: 1 y ago License: No License (No License)
mac_apt by ydkhatri
macOS (& ios) Artifact Parsing Tool
Python 605 Updated: 2 y ago License: Permissive (MIT)
LinuxForensics by ashemery
Everything related to Linux Forensics
Shell 582 Updated: 2 y ago License: No License (No License)
DInvoke by TheWover
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
C# 564 Updated: 2 y ago License: Permissive (MIT)
AheadLib-x86-x64 by strivexjun
hijack dll Source Code Generator. support x86/x64
C++ 554 Updated: 1 y ago License: No License (No License)
twa by trailofbits
A tiny web auditor with strong opinions.
Shell 554 Updated: 3 y ago License: Permissive (MIT)
Bleak by Akaion
A Windows native DLL injection library that supports several methods of injection.
C# 552 Updated: 3 y ago License: Permissive (MIT)
CyLR by orlikoski
CyLR - Live Response Collection Tool
C# 545 Updated: 1 y ago License: Strong Copyleft (GPL-3.0)
pinjectra by SafeBreach-Labs
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
C++ 543 Updated: 3 y ago License: Permissive (BSD-3-Clause)
process_ghosting by hasherezade
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
C 541 Updated: 2 y ago License: Permissive (MIT)
natural-adv-examples by hendrycks
A Harder ImageNet Test Set (CVPR 2021)
Python 529 Updated: 2 y ago License: Permissive (MIT)
auto-attack by fra31
Code relative to "Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks"
Python 520 Updated: 1 y ago License: Permissive (MIT)
OWASP-ZSC by zdresearch
OWASP ZSC - Shellcode/Obfuscate Code Generator
Python 514 Updated: 4 y ago License: Strong Copyleft (GPL-3.0)
Crypter by sithis993
Crypter - Python3 based builder and ransomware compiled to Windows executable using PyInstaller
Python 506 Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
chepy by securisec
Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
Python 501 Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
ATTACK-Python-Client by OTRF
Python Script to access ATT&CK content available in STIX via a public TAXII server
Python 501 Updated: 2 y ago License: Permissive (BSD-3-Clause)
dependency-check-sonar-plugin by dependency-check
Integrates Dependency-Check reports into SonarQube
Java 499 Updated: 1 y ago License: No License (No License)
MemorySharp by JamesMenetrey
A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.
C# 491 Updated: 3 y ago License: Proprietary (Proprietary)
inject-loader by plasticine
💉📦 A Webpack loader for injecting code into modules via their dependencies.
JavaScript 479 Updated: 4 y ago License: Permissive (MIT)
process_doppelganging by hasherezade
My implementation of enSilo's Process Doppelganging (PE injection technique)
C 474 Updated: 2 y ago License: No License (No License)
BugId by SkyLined
Detect, analyze and uniquely identify crashes in Windows applications
Python 472 Updated: 2 y ago License: Proprietary (Proprietary)