Stars
CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
A small, null-free Windows shellcode that executes calc.exe (x86/x64, all OS/SPs)
williballenthin / vivisect
Forked from vivisect/vivisect. Please use https://github.com/fireeye/vivisect instead.
Cortex: a Powerful Observable Analysis and Active Response Engine
CLI tool for open source and threat intelligence
Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
CVE-2017-11882 exploit that accepts a command/code of over 17k bytes at maximum.
Veil 3.1.X (Check version info in Veil at runtime)
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
pefile is a Python module to read and work with PE (Portable Executable) files
The pyspresso package is a Python-based framework for debugging Java.
YARA signature and IOC database for my scanners and tools
Minimal PyPI server for uploading & downloading packages with pip/easy_install
Python Decoders for Common Remote Access Trojans