Malware
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to …
Collection of malware source code for a variety of platforms in an array of different programming languages.
Intel.AES-NI: Leveraging Intel AES-NI for AES-128 & AES-256 Encryption Modes
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
Curated resources for malware dev, reverse engineering, and defensive security research.
The FLARE team's open-source tool to identify capabilities in executable files.
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers …
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Ransomware simulator written in Golang
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
A not so awesome list of malware gems for aspiring malware analysts
PSAmsi is a tool for auditing and defeating AMSI signatures.
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ https://windows-internals.com
Simple executable generator with encrypted shellcode.