Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Updated Jul 22, 2016 - C
A Python 2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
A collection of useful radare2 scripts!
Scripts for extracting useful information from infected memory dumps
snake-charmer - the regression test suite for snake
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
Tools related to 'shadowhammer' attack, https://securelist.com/operation-shadowhammer/89992
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell that do not have comprehensive logging facilities built in.
Scripts for performing and detecting parent PID spoofing
A helper script for unpacking and decompiling EXEs compiled from Python code.
A triage data collection script for macOS
ESF modular ingestion tool for development and research.