
JustasMasiulis / Nt_wrapper

Licence: apache-2.0
A wrapper library around native Windows system APIs

Programming Languages

cpp17
186 projects

Projects that are alternatives to or similar to Nt_wrapper

Lazy importer
library for importing functions from dlls in a hidden, reverse engineer unfriendly way
Stars: ✭ 544 (+89.55%)
Mutual labels:  malware, obfuscation, reverse-engineering
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+3895.12%)
Mutual labels:  malware, reverse-engineering
Relocbonus
An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.
Stars: ✭ 106 (-63.07%)
Mutual labels:  malware, obfuscation
Antidebugging
A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.
Stars: ✭ 161 (-43.9%)
Mutual labels:  malware, reverse-engineering
Pecli
CLI tool to analyze PE files
Stars: ✭ 46 (-83.97%)
Mutual labels:  malware, reverse-engineering
Malware Analysis Scripts
Collection of scripts for different malware analysis tasks
Stars: ✭ 61 (-78.75%)
Mutual labels:  malware, reverse-engineering
Pafish
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
Stars: ✭ 2,026 (+605.92%)
Mutual labels:  malware, reverse-engineering
Dex Oracle
A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis
Stars: ✭ 398 (+38.68%)
Mutual labels:  malware, reverse-engineering
Lime Crypter
Simple obfuscation tool
Stars: ✭ 217 (-24.39%)
Mutual labels:  malware, obfuscation
Asm
Assembly Tutorial for DOS
Stars: ✭ 125 (-56.45%)
Mutual labels:  low-level, system
kiteshield
Packer/Protector for x86-64 ELF binaries on Linux
Stars: ✭ 71 (-75.26%)
Mutual labels:  obfuscation, malware
Anti Emulator
Android Anti-Emulator
Stars: ✭ 587 (+104.53%)
Mutual labels:  malware, reverse-engineering
Infectpe
InfectPE - Inject custom code into PE file [This project is not maintained anymore]
Stars: ✭ 266 (-7.32%)
Mutual labels:  malware, reverse-engineering
Php Malware Analysis
Deobfuscation and analysis of PHP malware captured by a WordPress honey pot
Stars: ✭ 82 (-71.43%)
Mutual labels:  malware, reverse-engineering
Domain generation algorithms
Some results of my DGA reversing efforts
Stars: ✭ 417 (+45.3%)
Mutual labels:  malware, reverse-engineering
Practicalmalwarelabs
Keep track of the labs from the book "Practical Malware Analysis"
Stars: ✭ 130 (-54.7%)
Mutual labels:  malware, reverse-engineering
Simplify
Android virtual machine and deobfuscator
Stars: ✭ 3,865 (+1246.69%)
Mutual labels:  malware, reverse-engineering
Drakvuf Sandbox
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
Stars: ✭ 384 (+33.8%)
Mutual labels:  malware, reverse-engineering
Qiling
Qiling Advanced Binary Emulation Framework
Stars: ✭ 2,816 (+881.18%)
Mutual labels:  malware, reverse-engineering
Simpleator
Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".
Stars: ✭ 260 (-9.41%)
Mutual labels:  malware, reverse-engineering


A header only wrapper library around native windows system APIs.

WARNING: the API of version 2 is still unstable

Highlights of currently implemented features

System information:

Object manipulation:

  • Process -> ntw::ob::process
  • Thread -> ntw::ob::thread
  • File -> ntw::ob::file
  • Token -> ntw::ob::token
  • Registry -> ntw::ob::registry

And more.

Design goals

  • No exceptions - if a function can fail it will return a status code.
  • No overhead - every single abstraction is costless and is as fast as it can be.
  • Ease of developer use - it is much more consistent and pleasant to work with than win32.

Why?

The main reasons to choose this library over existing Windows constructs are:

  • Speed - even with lazy_importer your code is likely to be faster than the win32 API.
  • Ease of use - the language of choice is C++, which lets you use modern alternatives to old C constructs.
  • Obfuscation - it is a lot harder to reverse engineer an application which uses obfuscated imports or direct syscalls.

Installing dependencies using vcpkg

> git clone https://github.com/microsoft/vcpkg
> cd vcpkg
> ./bootstrap-vcpkg.sh
> ./vcpkg install phnt