Utilities for Sysmon

AdaptixC2 is a highly modular advanced redteam toolkit

Vigil - an ever improving 100% OpenSource AI system for security

Triton-based DSE library with loading and exploration capabilities (and more!)

A curated knowledge base to build, run and mature a SOC (including CSIRT).

Coefficient-Based Reconstruction of Arithmetic — a Mixed Boolean-Arithmetic (MBA) expression simplifier for deobfuscation

Rust Windows EDR (user-mode, no driver): ETW → Sysmon-style normalization → Sigma/Yara/IOC detection → ECS NDJSON alerts.

Anti-LLM obfuscation via finger counting

memory introspection and reverse engineering hypervisor powered by leveraging Hyper-V

PE (and elf now!) bin2bin obfuscator

GoogleTest - Google Testing and Mocking Framework

x86-64 Assembler based on Zydis

Agentic malware analysis environment with MCP-connected disassemblers, RE tooling, and structured workflows for Claude Code and Codex CLI.

Language Model Agent Instructions for Binary Refinery

Official Elastic Skills

Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool

An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of…

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.

Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.

AI agents running research on single-GPU nanochat training automatically

Claude Code skill to support Android app's reverse engineering

binary ninja cli for agents

Headless Ghidra MCP server — giving AI agents deep reverse-engineering capabilities.

🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications

Runtime security enforcement and threat hunting engine for autonomous AI fleets. Build Swarm Detection & Response (SDR) platforms with Clawdstrike.

Shifting.Codes

Pintool example and PoC for dynamic binary analysis

Extract AutoIt scripts embedded in PE binaries

DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, Plaso, $MFT, and $J files with built-in process inspection, lateral movement tracking, persistence detection, and V…