Free and Open Source Reverse Engineering Platform powered by rizin

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Hook system calls, context switches, page faults and more.

User interface for recording and managing ETW traces

A dynamic VMP dumper and import fixer, powered by VTIL.

An Active Defense and EDR software to empower Blue Teams

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

RouterOS Security Research Tooling and Proof of Concepts

Enumerate and disable common sources of telemetry used by AV/EDR.

Adaptive DLL hijacking / dynamic export forwarding

Shellcode launcher utility

source code

IDA Pro plugin that changes color of call instructions and works with all architectures