Materials for Windows Malware Analysis training (volume 1)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

An easy ATT&CK-based Sysmon hunting tool, showing in Blackhat USA 2019 Arsenal

Various snippets created during malware analysis

a Simple tool.Based on fofa.so

IDA pro plugin to find crypto constants (and more)

loveyue系列1到8的源码

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

IDAPython plugin that synchronizes disassembler and decompiler views

PowerShell Obfuscator

Interesting apt report collection and some special ioc express

APT34/OILRIG leak

RDP Wrapper Library

Signature base for my scanner tools

Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.

Config decryptor for HawkEye Keylogger - Reborn v9

Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU

Loki - Simple IOC and Incident Response Scanner

A free but powerful Windows kernel research tool

ICS/SCADA honeypot

VirusTotal Wanna Be - Now with 100% more Hipster

Extract OLEv1 objects from RTF files by instrumenting Word

T-Pot Universal Installer and ISO Creator

PowerSploit - A PowerShell Post-Exploitation Framework

A curated list of awesome malware analysis tools and resources.

BYOB (Build Your Own Botnet)

Remote Administration Tool for Windows