- OpenAnalysis Inc
- http://www.openanalysis.net
- @herrcore
Stars
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
icicle-emu based emulator plugin for Binary Ninja.
Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!
A Binary Ninja plugin that uses bruteforced XFG hashes to recover precise function prototypes
Program to dump process memory for import in Ghidra
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
A Python script that can be used to scan data within an IDB using Yara.
herrcore / CAPE
Forked from ctxis/CAPE
Malware Configuration And Payload Extraction
Diaphora, the most advanced Free and Open Source program diffing tool.
codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
Demo of hooking NtCreateFile in Notepad on x64 Windows 10 using EasyHook library
Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
VirtualBox VM detection mitigation loader
Sample use cases of the .NET native code hooking technique
Official repository of Pandora's Bochs, a Bochs-based automated unpacker for runtime-packed Windows executables
IDA Pro plugin to find crypto constants (and more)
idaemu is an IDA Pro Plugin - use for emulating code in IDA Pro.