3 Repos
Extracting specific active modules and files from process memory to recover original code.
Distinct from Credential Memory Dumping: Distinct from Credential Memory Dumping by focusing on recovering executable code modules rather than sensitive secrets.
Explore 3 awesome GitHub repositories matching operating systems & systems programming · Module Memory Extraction. Refine with filters or upvote what's useful.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Extracts active modules from a running process's memory to recover the original binary code.
WinPwn is a Windows penetration testing framework and security toolkit designed for auditing Active Directory and exploiting Windows environments. It provides a collection of automated tools and scripts for domain enumeration, credential theft, and privilege escalation. The toolkit distinguishes itself through capabilities for neutralizing antimalware scanning interfaces to evade detection and providing offline binary packaging for execution on isolated systems without internet access. It also includes specialized utilities for intercepting and relaying SMB authentication traffic to gain unau
Retrieves passwords and hashes by scanning system memory and analyzing local storage files.
WinPwn is a Windows penetration testing framework designed for conducting internal security assessments and privilege escalation. It functions as a suite for Active Directory security auditing, credential extraction, and the execution of privilege escalation scripts. The toolset enables the automation of SMB relay attacks to intercept and reuse authentication hashes. It provides specialized capabilities for retrieving passwords and hashes from system memory, registries, and browsers using obfuscated techniques to avoid detection. The framework covers broad capability areas including domain a
Extracts authentication secrets and password hashes from system memory using obfuscated techniques.