ThreadlessInject by CCob
Threadless Process Injection using remote function hooking.
C# | 467 | Updated: 2 y ago | License: Permissive (MIT)

dllinjector by OpenSecurityResearch
DLL injection tool that implements various methods.
C++ | 465 | Updated: 2 y ago | License: No License (No License)

ExecuteAssembly by med0x2e
Load/inject .NET assemblies by: reusing the CLR AppDomainManager already loaded in the host (spawnto) process, stomping the loader/.NET assembly PE DOS headers, unlinking .NET-related modules, bypassing ETW+AMSI, avoiding EDR hooks via static NT syscalls (x64), and hiding imports by resolving APIs dynamically (by hash).
C++ | 464 | Updated: 2 y ago | License: No License (No License)

awesome-anti-forensic by shadawck
Tools and packages used to counter forensic activity, including encryption, steganography, and anything that modifies attributes; more generally, tools that change a system for the purpose of hiding information.
HTML | 460 | Updated: 2 y ago | License: Proprietary (Proprietary)

Skadi by orlikoski
Collect, process, and hunt with host-based data from macOS, Windows, and Linux.
Shell | 457 | Updated: 2 y ago | License: Strong Copyleft (GPL-3.0)

owasp-java-encoder by OWASP
The OWASP Java Encoder is a Java 1.5+ simple-to-use, drop-in, high-performance encoder class with no dependencies and little baggage. This project helps Java web developers defend against cross-site scripting (XSS).
Java | 452 | Updated: 2 y ago | License: Permissive (BSD-3-Clause)

Dirty-Vanity by deepinstinct
A PoC for a new injection technique that abuses the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
C | 449 | Updated: 2 y ago | License: No License (No License)

malware_analysis by hasherezade
Various snippets created during malware analysis.
Python | 441 | Updated: 2 y ago | License: No License (No License)

pyHacks by Adastra-thw
Python scripts for hacking.
Python | 436 | Updated: 2 y ago | License: No License (No License)

RecuperaBit by Lazza
A tool for forensic file system reconstruction.
Python | 436 | Updated: 2 y ago | License: Strong Copyleft (GPL-3.0)

process-inject by suvllian
Process injection methods on Windows: remote thread injection, create-process-suspended injection, reflective injection, APC injection, and SetWindowsHookEx injection.
C | 432 | Updated: 4 y ago | License: No License (No License)

BlobRunner by OALabs
Quickly debug shellcode extracted during malware analysis.
C | 431 | Updated: 2 y ago | License: Permissive (MIT)

DARKSURGEON by cryps1s
DARKSURGEON is a Windows Packer project to empower incident response, digital forensics, malware analysis, and network defense.
PowerShell | 428 | Updated: 4 y ago | License: Permissive (MIT)

dfirtrack by dfirtrack
DFIRTrack - The Incident Response Tracking Application.
Python | 421 | Updated: 2 y ago | License: Proprietary (Proprietary)

uac by tclahr
UAC is a live response collection script for incident response that uses native binaries and tools to automate the collection of system artifacts from AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris.
Shell | 420 | Updated: 2 y ago | License: Permissive (Apache-2.0)

SecureCodingDojo by OWASP
The Secure Coding Dojo is a platform for delivering secure coding knowledge.
PHP | 417 | Updated: 2 y ago | License: Permissive (Apache-2.0)

owasp.github.io by OWASP
OWASP Foundation main site repository.
HTML | 412 | Updated: 2 y ago | License: Strong Copyleft (CC-BY-SA-4.0)

bitscout by vitaly-kamluk
Remote forensics meta tool.
Shell | 412 | Updated: 2 y ago | License: Strong Copyleft (GPL-2.0)

libmem by rdbo
Advanced game hacking library for C/C++, Rust, and Python (Windows/Linux/FreeBSD): process/memory hacking, hooking/detouring, cross-platform, x86/x64/ARM/ARM64, DLL/SO injection, internal/external.
C | 411 | Updated: 2 y ago | License: Strong Copyleft (AGPL-3.0)

linux-explorer by intezer
Easy-to-use live forensics toolbox for Linux endpoints.
HTML | 397 | Updated: 2 y ago | License: Permissive (Apache-2.0)

DriverInjectDll by strivexjun
Global DLL injection from a Windows driver; it can hide the injected DLL modules.
C++ | 396 | Updated: 2 y ago | License: No License (No License)

render-with-notepad by khalladay
A series of programs demonstrating the basics of memory scanning, API hooking, and DLL injection. The high point is using Notepad.exe as a render target and playing Snake in a Notepad window.
C++ | 391 | Updated: 2 y ago | License: Permissive (MIT)

skf-labs by blabla1337
Repo for all the OWASP-SKF Docker lab examples.
Python | 375 | Updated: 2 y ago | License: Strong Copyleft (AGPL-3.0)

MemJect by danielkrupinski
Simple DLL injector that loads from memory. Supports PE header and entry point erasure. Written in C99.
C | 367 | Updated: 2 y ago | License: Permissive (MIT)

PWF by bluecapesecurity
Practical Windows Forensics Training.
PowerShell | 364 | Updated: 2 y ago | License: Strong Copyleft (AGPL-3.0)

malsub by diogo-fernan
A Python RESTful API framework for online malware analysis and threat intelligence services.
Python | 354 | Updated: 2 y ago | License: Proprietary (Proprietary)

samm by OWASP
SAMM stands for Software Assurance Maturity Model.
JavaScript | 354 | Updated: 4 y ago | License: No License (No License)

Live-Forensicator by Johnng007
PowerShell script to aid incident response and live forensics | Bash script for macOS live forensics and incident response.
PowerShell | 351 | Updated: 2 y ago | License: No License (No License)

AmongUsMenu by BitCrackers
AmongUsMenu is a cheat menu for the popular game Among Us.
C++ | 347 | Updated: 2 y ago | License: Strong Copyleft (GPL-3.0)

SharpUnhooker by GetRektBoy724
C#-based universal API unhooker.
C# | 344 | Updated: 2 y ago | License: No License (No License)

ntfstool by thewhiteninja
Forensics tool for NTFS (parser, MFT, BitLocker, deleted files).
C++ | 339 | Updated: 2 y ago | License: Permissive (MIT)

Adversarial-Face-Attack by ppwwyyxx
Black-box adversarial attack on public face recognition systems.
Python | 338 | Updated: 4 y ago | License: Strong Copyleft (GPL-3.0)

MalConfScan by JPCERTCC
Volatility plugin that extracts configuration data of known malware.
Python | 335 | Updated: 4 y ago | License: Proprietary (Proprietary)

injector by kubo
Library for injecting a shared library into a Linux or Windows process.
C | 326 | Updated: 2 y ago | License: Strong Copyleft (GPL-2.0)

InvisiblePersistence by ewhitehats
Persisting in the Windows registry "invisibly".
C++ | 325 | Updated: 2 y ago | License: No License (No License)

analyzeMFT by dkovar
Python | 322 | Updated: 4 y ago | License: Proprietary (Proprietary)

Watcher by Felix83000
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django and React JS.
Python | 313 | Updated: 4 y ago | License: Strong Copyleft (AGPL-3.0)

bamf by malwaredllc
A tool that uses Shodan to detect vulnerable IoT devices.
Python | 310 | Updated: 2 y ago | License: Strong Copyleft (GPL-3.0)

MINT by Chuyu-Team
Contains the definitions for the Windows internal user-mode API from ntdll.dll, samlib.dll, and winsta.dll.
C++ | 302 | Updated: 2 y ago | License: Permissive (MIT)

SharpNeedle by ChadSki
Inject C# code into a running process.
C++ | 302 | Updated: 4 y ago | License: Permissive (BSD-2-Clause)

injectopi by peperunas
A set of tutorials about code injection for Windows.
C | 300 | Updated: 2 y ago | License: Permissive (MIT)

dfirtriage by travisfoley
Digital forensic acquisition tool for Windows-based incident response.
Python | 298 | Updated: 2 y ago | License: Permissive (Unlicense)

CDQR by orlikoski
The Cold Disk Quick Response (CDQR) tool is a fast, easy-to-use forensic artifact parsing tool that works on disk images, mounted drives, and extracted artifacts from Windows, Linux, macOS, and Android devices.
Python | 296 | Updated: 4 y ago | License: Strong Copyleft (GPL-3.0)

npms-analyzer by npms-io
The analyzer behind https://npms.io
JavaScript | 291 | Updated: 3 y ago | License: Permissive (MIT)

SpecialK by SpecialKO
Lovingly referred to as the Swiss Army Knife of PC gaming, Special K does a bit of everything.
C++ | 282 | Updated: 2 y ago | License: Strong Copyleft (GPL-3.0)

PowerLoaderEx by BreakingMalware
PowerLoaderEx - advanced code injection technique for x86 / x64.
C++ | 281 | Updated: 4 y ago | License: No License (No License)

DVWS by interference-security
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application that uses WebSockets for client-server communication.
PHP | 272 | Updated: 4 y ago | License: Permissive (MIT)

Shtreeba by mdilai
VAC-proof 32-bit DLL injector written in C++, using memory mapping and thread hijacking techniques.
C++ | 271 | Updated: 2 y ago | License: Weak Copyleft (LGPL-3.0)

ProcessInjection by sud01oo
Some ways to inject a DLL into a live process.
C | 268 | Updated: 4 y ago | License: Permissive (MIT)

CobaltStrikeReflectiveLoader by boku7
Cobalt Strike User-Defined Reflective Loader written in Assembly and C for advanced evasion capabilities.
C | 267 | Updated: 4 y ago | License: No License (No License)