🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Official Transmission BitTorrent client repository

Record and Replay Framework

Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web

Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system

RetDec is a retargetable machine-code decompiler based on LLVM.

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.

Reverse engineering focusing on x64 Windows.

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM.

Hook system calls, context switches, page faults and more.

Open EDR public repository

Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.

WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids.

Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

Hide your Powershell script in plain sight. Bypass all Powershell security features

Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

RpcView is a free tool to explore and decompile Microsoft RPC interfaces

Win32 and Kernel abusing techniques for pentesters

New version of RottenPotato as a C++ DLL and standalone C++ binary - no need for meterpreter or other tools.

Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.