1095 Open source projects that are alternatives of or similar to Nt_wrapper

library for importing functions from dlls in a hidden, reverse engineer unfriendly way

Collection of scripts for different malware analysis tasks

Reverse engineering and software quality assurance tool for .NET assemblies

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

Keep track of the labs from the book "Practical Malware Analysis"

Simple obfuscation tool

InfectPE - Inject custom code into PE file [This project is not maintained anymore]

Some results of my DGA reversing efforts

CLI tool to analyze PE files

DRAKVUF Sandbox - automated hypervisor-level malware analysis system

Deobfuscation and analysis of PHP malware captured by a WordPress honey pot

🐺 Malware analysis platform

Qiling Advanced Binary Emulation Framework

A collection of hacking / penetration testing resources to make you better!

A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.

Android virtual machine and deobfuscator

Android library to reveal or obfuscate strings and assets at runtime

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis

Assembly Tutorial for DOS

A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.

Exploit Development and Reverse Engineering with GDB Made Easy

Android Anti-Emulator

An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.

Packer/Protector for x86-64 ELF binaries on Linux

Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".

A private Lumina server for IDA Pro

Customizable design system of @wttj with react • styled-components • styled-system • reakit

Crypter - Python3 based builder and ransomware compiled to Windows executable using PyInstaller

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generates indented pseudo-code with colored syntax.

Volatility plugins developed and maintained by the community

Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode

Steam Controller reverse engineering and customization project.

Ghidra C++ Class and Run Time Type Information Analyzer

Boomerang Decompiler - Fighting the code-rot :)

基于 springboot + layuiadmin 实现的后台管理系统，V2.0.0中实现了使用spring security 进行权限控制，登录认证检验

TeleShadow - Telegram Desktop Session Stealer (Windows)

Drltrace is a library calls tracer for Windows and Linux applications.

Clusters and elements to attach to MISP events or attributes (like threat actors)

frick - aka the first debugger built on top of frida

Sleep function for Node.js All platforms.

A toy monolithic kernel written in C++

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Script to facilitate different functions and checks

Automatic and platform-independent unpacker for Windows binaries based on emulation

A C2 project that controls a self-propagating MS17-010 worm.

Yara Based Detection Engine for web browsers

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

One-step iOS binary runtime instrumentation for the lazy ones

Cat System Workshop is a regular meet-up focusing on “system software”. We would like to gather all developers to share their experience regarding system software and learn from each other, making system software more perfect and complete!

🐺 Malware analysis platform

The implementation of the Rascal meta-programming language (including interpreter, type checker, parser generator, compiler and JVM based run-time system)

Automated Payload Reverse Engineering Pipeline for the Controller Area Network (CAN) protocol

Scans PHP files for malwares and known threats

YARA malware query accelerator (web frontend)

Adds the ability to send CarrierWave uploads to Attachment Scanner for virus and malware prevention.

Crypto Ransomware made with: - Go for encryption and decryption - PHP/MySQL for saving and retrieving keys.

SenparcCoreFramework Template Project

Capstone: Keylogger Trojan

Code for my blog post on using S2E for malware analysis

Useful helper to read and use application configuration from environment variables.