MeltingPot: A tool to cluster similar executables (PEs, DEXs, etc.), extract common signatures, and generate Yara patterns for malware detection.
MalwareDatabase: Malware samples for analysis, researchers, anti-virus and system protection testing. (1300+ malware samples!)
Fake-Sandbox-Artifacts: This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malware that looks for VMs or analysis tools.
ThreatKB: Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT)
pyc2bytecode: A Python bytecode disassembler that helps reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*)
YAFRA: YAFRA is a semi-automated framework for analyzing and representing reports about IT security incidents.
jaws: Jaws is an invisible programming language! Inject invisible code into other languages and files! Created for security research -- see blog post
aurora: Malware similarity platform with modularity in mind.
Vendor-Threat-Triage-Lookup: Look up file hashes, domain names and IP addresses using various vendors to assist with triaging potential threats.
memscrimper: Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"
Anti-Debugging: A collection of C++ programs that demonstrate common ways to detect the presence of an attached debugger.
binlex: A Binary Genetic Traits Lexer Framework
bluepill: BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
assemblyline: AssemblyLine 4 - File triage and malware analysis
bonomen: BONOMEN - Hunt for Malware Critical Process Impersonation
WeDefend: ⛔🛡️ WeDefend - Monitor and Protect Windows from Remote Access Trojans
ioc-fanger: Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
VX-API: Collection of various malicious functionality to aid in malware development