RazviOverflow
- Exploit code, not people.
- https://www.youtube.com/RazviOverflow
- in/RazviOverflow
- @Razvieu
Stars
Collection of malware source code for a variety of platforms in an array of different programming languages.
IFL - Interactive Functions List (plugin for IDA Pro)
Parsers for custom malware formats ("Funky malware formats")
.NET deobfuscator and unpacker.
Malware Analysis Exercise Samples and Resources
Small tool to convert between the PE alignments (raw and virtual).
Noriben - Portable, Simple, Malware Analysis Sandbox
A living guide to lesser-known and evasive Windows API abuses used in malware, with practical reverse engineering notes, YARA detections, and behavioral indicators.
Checksec, but for Windows: static detection of security mitigations in executables
Source code for complete MALicious softWARE books I & II
Hex-Rays microcode API plugin for breaking an obfuscating compiler
🔐 Open-source malware mutex intelligence platform. Database of mutex signatures for threat hunting, malware analysis, and cybersecurity research.
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
A curated list of awesome malware persistence tools and resources.
Some of my publicly available Malware analysis and Reverse engineering.
Regshot is a small, free and open-source registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes…
Quickly debug shellcode extracted during malware analysis
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Graphical interface for PortEx, a Portable Executable and Malware Analysis Library
Automated YARA Rule Standardization and Quality Assurance Tool