9 repositories
Tools that use predefined data structures to format and export raw memory regions.
Distinct from Binary Memory Dumping: unlike raw binary dumping, these tools use Python ctypes to apply structure and formatting to the dump.
9 GitHub repositories matching operating systems & systems programming · Structured Memory Dumping.
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Applies Python ctypes structures to memory addresses to dump and edit formatted binary data.
gops is a command-line diagnostic toolset for monitoring, profiling, and managing the runtime state of active Go applications. It functions as a runtime diagnostic tool that provides a focused interface for analyzing memory, profiling performance, and monitoring the health of running processes. The tool provides a set of specialized utilities including a performance profiler for capturing CPU and heap profiles, a memory analyzer for identifying leaks and triggering garbage collection, and a process monitor for discovering running binaries and visualizing process hierarchies. The project cove
Reports current Go memory and runtime statistics, including active concurrent execution threads, to assess resource allocation.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Extracts active modules from a running process's memory to recover the original binary code.
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
Provides methods for extracting plaintext passwords and hashes directly from active process memory.
Meltdown is a set of software utilities designed to bypass kernel address randomization and dump physical memory in order to exploit hardware-level security vulnerabilities. It serves as a proof of concept for the Meltdown hardware vulnerability, allowing protected kernel memory to be read on affected processors. The tool provides capabilities to identify the secret randomization offset of the physical direct map in order to locate kernel memory. It also includes functionality for exporting large segments of physical memory in hexdump format for recovering sensitive strings and passwords. The project covers memory analysis by computing the kernel offset and leaking physical memory. It also includes the ability to measure the accuracy and consistency of data leaked from physical memory to verify the reliability of the hardware vulnerability.
Exports large segments of physical memory into hexdump format for the recovery of strings and passwords.
MimiPenguin is a Linux in-memory credential extraction and password recovery tool designed to isolate and recover users' plaintext login passwords from the memory of active processes. It works as a post-exploitation utility for extracting sensitive credentials from desktop user sessions during security assessments. The tool performs Linux memory forensics by analyzing the memory of system processes to identify and isolate credentials. It is used for security penetration testing and for assessing the risks associated with memory-based attacks, as well as for testing local privilege escalation. The system targets user session memory by dumping the virtual memory of running processes. It uses pattern-based memory scanning, heuristic password identification, and plaintext credential isolation to distinguish potential passwords from binary data.
Extracts sensitive credentials from active process memory using specialized loaders.
x-cmd is an AI agent orchestrator, cloud infrastructure CLI, and cross-platform package manager that provides an enhanced POSIX shell toolkit. It integrates large language models directly into the terminal for chatting, code generation, and the execution of agentic workflows, while offering a framework for building interactive terminal user interface components. The project distinguishes itself by deploying containerized AI agents within isolated sandboxes, provisioning them with specialized skills and headless browser automation capabilities. It further streamlines development through a unif
Converts system memory statistics into structured formats for programmatic use.
BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij
Extracts credentials and sensitive data from active process memory using in-memory loaders.
Mimikatz is a Windows post-exploitation framework designed for extracting plaintext passwords, hashes, PIN codes, and security tokens from system memory and the registry. It functions as a credential extraction tool that targets the Local Security Authority Subsystem Service to retrieve cached credentials and sensitive account data. The project provides specialized capabilities for Active Directory penetration testing, including the simulation of domain controllers to replicate directory secrets. It features a Kerberos ticket manipulator capable of exporting, injecting, and forging authentica
Reads process memory directly to extract sensitive credentials stored by the local security authority.