RME-DisCo Research Group

All

36 repositories

APOTHEOSIS
Public
A specialized implementation of the Hierarchical Navigable Small World (HNSW) data structure adapted for efficient nearest neighbor lookup of approximate matchi…
python3 approximate-nearest-neighbor-search approximate-matching hnsw
Python
•
GNU General Public License v3.0
•3•10•0•0•Updated Jan 26, 2026Jan 26, 2026
heaplist
Public
Volatility 3 plugin to extract the heap from Windows memory images
windows incident-response dfir heap digital-forensics digital-forensics-incident-response volatility3
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Dec 20, 2025Dec 20, 2025
BinTopsy
Public
A lightweight Python toolkit for static malware analysis, binary entropy visualization, and threat intelligence gathering. Includes tools for disassembly, YARA …
Python
•
GNU General Public License v3.0
•0•2•0•0•Updated Nov 26, 2025Nov 26, 2025
Characterizing-TTPs-in-the-macOS-Threat-Landscape
Public
Source data and Scripts used for the paper: Characterizing Tactics, Techniques, and Procedures in the macOS Threat Landscape
Python
•0•0•0•0•Updated Nov 12, 2025Nov 12, 2025
MalGraphIQ
Public
Transform your malware sandbox reports and execution traces into behavior and category graphs and plot their Windows Behavior Catalog (WBC) behavior identificat…
visualization windows behavior graphs sandbox malware backtracking malware-analysis malware-research malware-detection
Python
•
GNU General Public License v3.0
•1•0•0•0•Updated Oct 22, 2025Oct 22, 2025
KeyReaper
Public
KeyReaper: Memory Forensic Driven Key Extraction
C++
•
GNU Lesser General Public License v3.0
•2•2•0•0•Updated Sep 19, 2025Sep 19, 2025
rme-Python-toolkit
Public
A collection of Python tools developed and maintained by the Reverseame research group.
cli-tools
Python
•0•0•0•0•Updated Sep 1, 2025Sep 1, 2025
exploring-ZeroShot-LLM-DGA
Public
A framework for evaluating Large Language Models in zero-shot detection of Algorithmically Generated Domains (AGDs) used by malware for Command and Control comm…
dga agd llm
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jul 18, 2025Jul 18, 2025
LLM-DGA-lab
Public
Framework for evaluating Large Language Models in zero-shot detection of Algorithmically Generated Domains (AGDs). Supports 9 LLMs across 4 vendors with binary/…
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jul 18, 2025Jul 18, 2025
MALVADA
Public
MALVADA: Malware Execution Traces Dataset generation.
malware dataset malware-analysis malware-research datasets dataset-generation malware-samples malware-dataset datasets-preparation malware-execution
Python
•
GNU General Public License v3.0
•2•6•0•0•Updated Jul 12, 2025Jul 12, 2025
RAMPAGE
Public
RAMPAGE is a framework aimed at training and comparing machine learning models for the detection of Algorithmically Generated Domains.
machine-learning tensorflow malware keras python3 malware-research dga dga-detection
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 24, 2025Jun 24, 2025
synoptic
Public
Synoptic: Concolic execution for network protocol inference
python symbolic-execution finite-state-machine pintool network-analysis network-protocols concolic-execution dynamic-control-flow-graph
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 13, 2025Jun 13, 2025
winapi-categories
Public
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
windows winapi syscalls windows-api system-calls native-api ntapi windows-syscalls windows-functions
Python
•
GNU General Public License v3.0
•2•25•1•0•Updated Jun 11, 2025Jun 11, 2025
windows-behavior-catalog
Public
Windows Behavior Catalog (WBC) is a collection of fundamental behaviors for Windows OS, represented as a sequence of Windows API and/or syscalls.
windows behavior catalog analysis malware behavioral windows-api windowsapi behavioral-analysis
C++
•
GNU General Public License v3.0
•0•1•0•0•Updated Jun 10, 2025Jun 10, 2025
MANTILLA
Public
...
Jupyter Notebook
•
GNU General Public License v3.0
•0•0•0•0•Updated Jan 14, 2025Jan 14, 2025
capemon
Public
capemon: CAPE's monitor
C
•
GNU General Public License v3.0
•59•2•0•0•Updated Dec 18, 2024Dec 18, 2024
cape-hook-generator
Public
CAPEv2 (capemon) hook skeleton generator (hookdefs) for your malware analysis needs.
windows api hooks hook sandbox malware malware-analysis malware-research windowsapi malware-samples
Python
•
GNU General Public License v3.0
•0•2•0•0•Updated Dec 16, 2024Dec 16, 2024
winesap
Public
Volatility plugin to search for all Autostart Extensibility Points (AESPs)
python malware-analysis volatility volatility-plugins malware-persistence autostar-extensibility-points aesp
Python
•
GNU Affero General Public License v3.0
•0•10•0•0•Updated May 16, 2024May 16, 2024
MOSTO-Modbus-simulator
Public
MOSTO is a SCADA network device simulator based on ModbusTCP communications. Based on Python3
simulator modbus-tcp
Python
•
GNU General Public License v3.0
•3•6•1•0•Updated Aug 16, 2023Aug 16, 2023
processfuzzyhash
Public
Volatility plugin to calculate and compare Windows processes fuzzy hashes
python dcfldd volatility ssdeep tlsh fuzzy-hashes sdhash volatility-plugins
Python
•
GNU Affero General Public License v3.0
•1•7•0•0•Updated Jul 25, 2023Jul 25, 2023
similarity-unrelocated-module
Public
Volatility plugin to yield and compare similarity digest of modules on execution.
python sum volatility memory-forensics volatility-plugins approximate-matching fuzzy-hash similarity-digest
Python
•
GNU General Public License v3.0
•0•1•1•0•Updated Jul 25, 2023Jul 25, 2023
windows-memory-extractor
Public
Tool to extract contents from the memory of Windows systems.
windows memory-forensics
C++
•
GNU General Public License v3.0
•3•13•0•0•Updated Jul 4, 2023Jul 4, 2023
EvalMe
Public
EvalMe: an evaluation and benchmarking tool
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 27, 2023Jun 27, 2023
pinVMShield
Public
A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques
dbi pintool pin cuckoo-sandbox anti-sandbox anti-vm dynamic-binary-instrumentation
C++
•
GNU General Public License v3.0
•2•11•0•0•Updated Jun 13, 2023Jun 13, 2023
Secure_Socket
Public
C++ Sockets implementing hybrid encryption
linux hybrid-encryption software-library
C++
•0•1•0•0•Updated Jun 13, 2023Jun 13, 2023
malscan
Public
Volatility plugin to detect malicious code thanks to ClamAV
python clamav malware-analysis volatility volatility-plugins
Python
•
GNU Affero General Public License v3.0
•1•3•0•0•Updated Jun 13, 2023Jun 13, 2023
sigcheck
Public
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
python openssl authenticode volatility sigcheck volatility-plugins
Python
•
GNU General Public License v3.0
•4•20•3•0•Updated Jun 13, 2023Jun 13, 2023
modex
Public
Volatility 3 plugins to extract a module as complete as possible
memory-forensics volatility-plugins volatility3
Python
•
GNU General Public License v3.0
•0•12•0•0•Updated Jun 13, 2023Jun 13, 2023
rop3
Public
A tool to search for gadgets, operations, and ROP chains using a backtracking algorithm in a tree-like structure
windows evaluation rop turing-completeness rop-chain automatic-exploit
Python
•
GNU General Public License v3.0
•0•19•1•0•Updated Jun 13, 2023Jun 13, 2023
chiton
Public
Chiton is a Python library to exfiltrate data encapsulating the data into IoT protocol’s packets
python mqtt iot coap amqp data-exfiltration amqp1-0
Python
•
GNU General Public License v3.0
•0•1•0•0•Updated Jun 12, 2023Jun 12, 2023