jitm: JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.
Stars: ✭ 27 (-90.62%)
linux-pe: COFF and Portable Executable format described using standard C++ with no dependencies.
Stars: ✭ 163 (-43.4%)
bazaar: Android security & privacy analysis for the masses
Stars: ✭ 191 (-33.68%)
telfhash: Symbol hash for ELF files
Stars: ✭ 75 (-73.96%)
Pepper: PE (x86) and PE+ (x64) files viewer, based on libpe.
Stars: ✭ 65 (-77.43%)
emerald: Import DynamoRIO drcov code coverage data into Ghidra
Stars: ✭ 30 (-89.58%)
mem64: Run Any Native PE file as a memory ONLY Payload, most likely as a shellcode using hta attack vector which interacts with Powershell.
Stars: ✭ 26 (-90.97%)
assemblyline: AssemblyLine 4 - File triage and malware analysis
Stars: ✭ 69 (-76.04%)
bonomen: BONOMEN - Hunt for Malware Critical Process Impersonation
Stars: ✭ 42 (-85.42%)
pe-loader: A Windows PE format file loader
Stars: ✭ 81 (-71.87%)
WeDefend: ⛔🛡️ WeDefend - Monitor and Protect Windows from Remote Access Trojan
Stars: ✭ 23 (-92.01%)
Drltrace: Drltrace is a library calls tracer for Windows and Linux applications.
Stars: ✭ 282 (-2.08%)
aparoid: Static and dynamic Android application security analysis
Stars: ✭ 62 (-78.47%)
pftriage: Python tool and library to help analyze files during malware triage and analysis.
Stars: ✭ 77 (-73.26%)
angr-antievasion: Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).
Stars: ✭ 35 (-87.85%)
Owlyshield: Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (-2.43%)
MalwareHashDB: Malware hashes for open source projects.
Stars: ✭ 31 (-89.24%)
FactionsPE: Most advanced factions plugin for PocketMine-MP
Stars: ✭ 46 (-84.03%)
rtfraptor: Extract OLEv1 objects from RTF files by instrumenting Word
Stars: ✭ 50 (-82.64%)
The Backdoor Factory: Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors
Stars: ✭ 2,904 (+908.33%)
maldetect: Debian packaging of Linux Malware Detect (https://github.com/rfxn/linux-malware-detect)
Stars: ✭ 48 (-83.33%)
Cave miner: Search for code cave in all binaries
Stars: ✭ 218 (-24.31%)
stringsifter: A machine learning tool that ranks strings based on their relevance for malware analysis.
Stars: ✭ 567 (+96.88%)
malware-persistence: Collection of malware persistence and hunting information. Be a persistent persistence hunter!
Stars: ✭ 109 (-62.15%)
Geyser: A bridge/proxy allowing you to connect to Minecraft: Java Edition servers with Minecraft: Bedrock Edition.
Stars: ✭ 2,851 (+889.93%)
speakeasy: Windows kernel and user mode emulation.
Stars: ✭ 1,017 (+253.13%)
Windows Security: Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
Stars: ✭ 165 (-42.71%)
rtfsig: A tool to help malware analysts signature unique parts of RTF documents
Stars: ✭ 28 (-90.28%)
Filebytes: Library to read and edit files in the following formats: Executable and Linking Format (ELF), Portable Executable (PE), MachO and OAT (Android Runtime)
Stars: ✭ 105 (-63.54%)
REW-sploit: Emulate and Dissect MSF and *other* attacks
Stars: ✭ 115 (-60.07%)
Floodgate: Hybrid mode plugin to allow for connections from Geyser to join online mode servers.
Stars: ✭ 101 (-64.93%)
MalScan: A Simple PE File Heuristics Scanners
Stars: ✭ 41 (-85.76%)
App Peid: PEiD detects most common packers, cryptors and compilers for PE files.
Stars: ✭ 72 (-75%)
Win Version Info: Windows-only native addon to read version info from executables.
Stars: ✭ 5 (-98.26%)
python-icap-yara: An ICAP Server with yara scanner for URL and content.
Stars: ✭ 50 (-82.64%)
Amber: Reflective PE packer.
Stars: ✭ 594 (+106.25%)
yara: Malice Yara Plugin
Stars: ✭ 27 (-90.62%)
Rop Tool: A tool to help you write binary exploits
Stars: ✭ 590 (+104.86%)
Simpleator: Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".
Stars: ✭ 260 (-9.72%)
Bearparser: Portable Executable parsing library (from PE-bear)
Stars: ✭ 415 (+44.1%)
UnAutoIt: The Cross Platform AutoIt Extractor
Stars: ✭ 90 (-68.75%)
Pepper: An open source script to perform malware static analysis on Portable Executable
Stars: ✭ 250 (-13.19%)
Vba2graph: Vba2Graph - Generate call graphs from VBA code, for easier analysis of malicious documents.
Stars: ✭ 245 (-14.93%)
binlex: A Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (+5.21%)
Nao: Simple No-meaning Assembly Omitter for IDA Pro (This is just a prototype)
Stars: ✭ 228 (-20.83%)
static file analysis: Analysis of file (doc, pdf, exe, ...) in deep (embedded file(s)) with clamscan and yara rules
Stars: ✭ 34 (-88.19%)
Medusa: Binary instrumentation framework based on FRIDA
Stars: ✭ 258 (-10.42%)
Freki: 🐺 Malware analysis platform
Stars: ✭ 285 (-1.04%)
freki: 🐺 Malware analysis platform
Stars: ✭ 327 (+13.54%)
MiniNT5-Tools: small Windows 10 (based on Windows PE) with customised tools
Stars: ✭ 34 (-88.19%)
csbd: The repository contains the python implementation of the Android Malware Detection paper: "Empirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios"
Stars: ✭ 20 (-93.06%)
SuperLibrary: Information Security Library
Stars: ✭ 60 (-79.17%)