Lists (1)
Stars
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Free and Open Source Reverse Engineering Platform powered by rizin
💻 C++ Functional Terminal User Interface. ❤️
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
☄️ AirPods desktop user experience enhancement program, for Windows and Linux (WIP)
Walnut is a simple application framework for Vulkan and Dear ImGui apps
Nidhogg is an all-in-one simple to use windows kernel rootkit.
library for importing functions from dlls in a hidden, reverse engineer unfriendly way
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
gooMBA is a Hex-Rays Decompiler plugin to simplify Mixed Boolean-Arithmetic (MBA) expressions
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Single-header, minimalistic, cross-platform hook library written in pure C
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables tha…
Demo proof of concept for shadow regions, and implementation of HyperDeceit.
Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool
IDA Pro plugin to make bitfield accesses easier to grep
Detects virtual machines and malware analysis environments