Dump-GUY
Threat Researcher at Check Point (Former Forensic, Malware Analyst, Reverse Engineer - CERT)
CZE
Pinned Repositories
ConfuserEx2_String_Decryptor
ConfuserEx2 String Decryptor & Full Deobfuscation Guide
EXE-or-DLL-or-ShellCode
Just a simple, silly PoC demonstrating an executable "exe" file that can be used as an exe, a dll or shellcode...
Get-PDInvokeImports
Get-PDInvokeImports is a tool (PowerShell module) that automatically detects P/Invoke, Dynamic P/Invoke and D/Invoke usage in a .NET assembly, shows all locations from which they are referenced, and exports them all to DnSpy_Bookmarks.xml.
ghidra_scripts
IDA_PHNT_TYPES
Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
Invoke-DetectItEasy
Invoke-DetectItEasy is a wrapper for the excellent tool Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics.
Malware-analysis-and-Reverse-engineering
Some of my publicly available Malware analysis and Reverse engineering.
Python3---Binary-Data-Manipulation
Python 3 - Manipulation of and conversion between different data types (byte operations)
sc2elf
Simple dotnet Native AOT app that uses LibObjectFile to convert shellcode to ELF
sc2pe
Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
Dump-GUY's Repositories
Dump-GUY/Malware-analysis-and-Reverse-engineering
Some of my publicly available Malware analysis and Reverse engineering.
Dump-GUY/EXE-or-DLL-or-ShellCode
Just a simple, silly PoC demonstrating an executable "exe" file that can be used as an exe, a dll or shellcode...
Dump-GUY/IDA_PHNT_TYPES
Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
Dump-GUY/ghidra_scripts
Dump-GUY/sc2pe
Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
Dump-GUY/ConfuserEx2_String_Decryptor
ConfuserEx2 String Decryptor & Full Deobfuscation Guide
Dump-GUY/sc2elf
Simple dotnet Native AOT app that uses LibObjectFile to convert shellcode to ELF
Dump-GUY/Malware_TEMP
Temp files related to MA and RE
Dump-GUY/.NET-Deobfuscator
Lists of .NET Deobfuscator and Unpacker (Open Source)
Dump-GUY/IDAPython-Malware-Scripts
Dump-GUY/minhook
The Minimalistic x86/x64 API Hooking Library for Windows
Dump-GUY/tiny_tracer
A Pin Tool for tracing API calls, etc.
Dump-GUY/CrossInject
A 32-bit process injecting shellcode into both 32-bit and 64-bit processes
Dump-GUY/sandbox-attacksurface-analysis-tools
Set of tools to analyze Windows sandboxes for exposed attack surface.
Dump-GUY/AsyncRAT-C-Sharp
Open-Source Remote Administration Tool For Windows C# (RAT)
Dump-GUY/dp701
Dark theme for IDA Pro
Dump-GUY/GarbageMan
GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
Dump-GUY/lighthouse
A Coverage Explorer for Reverse Engineers
Dump-GUY/perfect-dll-proxy
Perfect DLL Proxying using forwards with absolute paths.
Dump-GUY/phnt-single-header
Single header version of System Informer's phnt library.
Dump-GUY/RealBlindingEDR
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
Dump-GUY/RETools
My reversing tools. Some custom, some not.
Dump-GUY/SecHex-Spoofy
C# HWID Changer 🔑︎ Disk, Guid, Mac, Gpu, Pc-Name, Win-ID, EFI, SMBIOS Spoofing [Usermode]
Dump-GUY/clrmd
Microsoft.Diagnostics.Runtime is a set of APIs for introspecting processes and dumps.
Dump-GUY/Debugging-Tools-Andrey-Bazhan
Dump-GUY/Exploit-Development
Exploit Development - Weaponized Exploit and Proof of Concepts (PoC)
Dump-GUY/LibObjectFile
LibObjectFile is a .NET library to read, manipulate and write linker and executable object files (e.g. ELF, DWARF, ar...)
Dump-GUY/MS-Vulnerable-Driver-List
Convert Microsoft's driver blocklist to an EDR detection hash list for unsupported operating systems (e.g. Win 7, 8)
Dump-GUY/OpenArk
The Next Generation Anti-Rootkit (ARK) tool for Windows.
Dump-GUY/phnt
Native API header files for the System Informer project.