Library for lifting machine code to LLVM bitcode

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

Operational Technology related Yara rules for the 2024 #100daysofYARA challenge. #OT #ICS #SCADA

Rules shared by the community from 100 Days of YARA 2024

This Zeek package provides the possibility to detect exfiltration through statistical analysis methods.

A ProcessMonitor visualization application written in rust.

Remote forensics meta tool

JADX-gui scripting plugin for dynamic decompiler manipulation

Discover TimeDateStamps In PE File

Visually inspect and force decode YARA and regex matches found in both binary and text data with colors. Lots of colors.

bad stuffs by bad guys

Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results

Rekall Memory Forensic Framework

extract info from apk files

User-friendly Microsoft Windows Debugger for Malware Analysts.

Crack legacy zip encryption with Biham and Kocher's known plaintext attack.

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.

Fast directory scanning and scraping tool

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)

SHAREM is a shellcode analysis framework, capable of emulating more than 45,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative featur…

Quokka: A Fast and Accurate Binary Exporter

YARI is an interactive debugger for YARA Language.

Rapidly Search and Hunt through Windows Forensic Artefacts

A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.

yxd - Yuu's heX Dumper