4 repositorios
Methods for executing code directly in memory to bypass disk-based security controls.
Distinguishing note: Focuses on the execution technique rather than general exploit development.
Explore 4 awesome GitHub repositories matching security & cryptography · Memory Injection Techniques. Refine with filters or upvote what's useful.
The framework is a comprehensive penetration testing platform designed for the development, testing, and execution of security exploits. It serves as a research toolkit and automated assessment environment, enabling security professionals to identify and validate vulnerabilities within networked systems and infrastructure through repeatable, standardized procedures. The platform distinguishes itself through a modular architecture that supports reflective payload injection, allowing for the execution of code directly in memory without writing to disk. It utilizes an asynchronous event loop to
Executes code directly within process memory space to avoid writing artifacts to the disk.
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
Provides techniques for executing code directly in memory to bypass disk-based security controls.
Unicorn es una colección de utilidades para generar archivos HTA maliciosos, macros VBA, comandos de PowerShell codificados y frameworks de inyección de shellcode residentes en memoria. Proporciona herramientas para crear payloads diseñados para lograr la ejecución remota de código al eludir los controles de seguridad. El proyecto se centra en la creación de documentos de oficina armados a través de macros y fórmulas VBA, la generación de vectores de ataque HTA y la creación de payloads de PowerShell codificados. Incluye un framework de inyección de shellcode para envolver shellcode externo para su ejecución directa en la memoria del sistema. El kit de herramientas cubre la conversión de binario a base64 para transferencias de archivos basadas en certificados y métodos para evitar la detección basada en disco. También incluye capacidades para la codificación de scripts de PowerShell y ataques de degradación de versión para eludir las políticas de ejecución y las restricciones de seguridad.
Implements methods for injecting shellcode directly into system memory to bypass disk-based security monitoring.
pe-sieve is a set of diagnostic tools for scanning Windows process memory to identify malicious implants, shellcode, and hooks. It functions as an in-memory implant detector, malware unpacker, and process callstack analyzer designed to locate and dump memory patches and injected code from running processes. The project identifies advanced evasion techniques, such as process hollowing and reflective injection, by verifying portable executable structures in memory. It distinguishes itself by analyzing process callstacks to detect anomalies and redirections and by reconstructing executable heade
Identifies specific markers of process hollowing and reflective loading by comparing memory regions against disk images.