P4nD3m1CB0Y0xD
Reverse engineering • Malware lover • Low level • Cybersecurity
somewhere between us and them
P4nD3m1CB0Y0xD's Stars
ziishaned/learn-regex
Learn regex the easy way
fastfire/deepdarkCTI
Collection of Cyber Threat Intelligence sources from the deep and dark web
mandiant/capa
The FLARE team's open-source tool to identify capabilities in executable files.
GhostPack/Rubeus
Trying to tame the three-headed dog.
e-m-b-a/emba
EMBA - The firmware security analyzer
ly4k/Certipy
Tool for Active Directory Certificate Services enumeration and abuse
gaasedelen/lighthouse
A Coverage Explorer for Reverse Engineers
jthuraisamy/SysWhispers
AV/EDR evasion via direct system calls.
cmu-sei/pharos
Automated static analysis tools for binary programs
MicrosoftDocs/cpp-docs
C++ Documentation
pgkt04/defender-control
An open-source Windows Defender manager. Now you can disable Windows Defender permanently.
Yaxser/Backstab
A tool to kill antimalware protected processes
outflanknl/C2-Tool-Collection
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Rurik/Noriben
Noriben - Portable, Simple, Malware Analysis Sandbox
fkie-cad/cwe_checker
cwe_checker finds vulnerable patterns in binary executables
0xdea/semgrep-rules
A collection of my Semgrep rules to facilitate vulnerability research.
mandiant/capa-rules
Standard collection of rules for capa: the tool for enumerating the capabilities of programs
evild3ad/MemProcFS-Analyzer
MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR
BaumFX/cpp-anti-debug
Anti-debugging library in C++.
vxlang/vxlang-page
Protector, obfuscator and code virtualizer
S1lkys/SharpKiller
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
thefLink/DeepSleep
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
pard0p/CallstackSpoofingPOC
C++ self-injecting dropper based on various EDR evasion techniques.
bartblaze/Yara-rules
Collection of private Yara rules.
0xdea/ghidra-scripts
A collection of my Ghidra scripts to facilitate reverse engineering and vulnerability research.
XaFF-XaFF/Kernel-Process-Hollowing
Windows x64 kernel mode rootkit process hollowing POC.
decoder-it/TokenStealer
OTRF/Set-AuditRule
Useful access control entries (ACEs) for the system access control list (SACL) of securable objects, to find potential adversarial activity
therealdreg/x64dbg-exploiting
Do you want to use x64dbg instead of Immunity Debugger? OSCP / eCPPTv2 buffer overflow exploit PoCs
MrEmpy/Frosty
Ring 3 rootkit for Windows 10