Stars
Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flow…
The Python backend for MalShare because PHP can't do everything
A BinaryNinja plugin to graph a BNIL instruction tree
A YARA & Malware Analysis Toolkit written in Rust.
Binary Ninja plugin to resolve IOCTL codes to their WDK-defined names.
IoC Ninja is a Binary Ninja plugin that can improve the QoL of malware analysts.
Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
Analyze pcaps with Zeek and a Grafana Dashboard
A utility to find identically configured domains and web-servers based on a pattern. Used to find phishing kits.
Repository for community provided Binary Ninja plugins
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
A .NET assembly tracer using Harmony for runtime method interception.
A wrapper around Roslyn language server which makes it compatible with editors other than VSCode
IDA Extras is a (growing) collection of IDA UI and other enhancements to overcome some challenges when using IDA.
Binary Ninja plugin to identify obfuscated code and other interesting code constructs
An even funnier way to disable Windows Defender (through the WSC API).
A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections, and behavioral indicators.
Files for the Reconstructing Rust Types: A Practical Guide for Reverse Engineers workshop at NorthSec 2025, presented on May 15, 2025.
This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers.
Slides and materials for the talk Reconstructing Rust Types: A Practical Guide for Reverse Engineers at RE//verse 2025, presented on February 28, 2025.
A Qt widget based on QTextEdit, that changes its height automatically to accommodate the text