g0mxxm
Security Researcher focused on reverse engineering & malware, and may research other interesting things too! (๑^ں^๑)
CUMT
Pinned Repositories
Android-Malware-Sandbox
Android Malware Sandbox
Anti-Obfuscation
The tool can be used to eliminate redundant instructions in a basic block.
AntiDBG
A bunch of Windows anti-debugging tricks for x86 and x64.
APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
APT_REPORT
Interesting APT report collection and some special IoC expressions
detect_malware_by_icon
The code in this repository detects malware that looks like a document by examining its icon.
HackerTools
A collection of virus techniques written with MFC
Malware_Analysis
The scripts were created and used by myself in malware analysis.
shellcode_extractor_for_maldoc
The code in this repository extracts the shellcode from a maldoc.
Visual-watermarking-system-based-on-digital-image
Design and implementation of a visible watermarking system for digital images (implementations of 6 digital watermarking algorithms: LSB, DCT, random interval, region check-bit, image degradation, and improved image degradation)
g0mxxm's Repositories
g0mxxm/Malware_Analysis
The scripts were created and used by myself in malware analysis.
g0mxxm/APTnotes
Various public documents, whitepapers and articles about APT campaigns
g0mxxm/bcc
BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
g0mxxm/capa
The FLARE team's open-source tool to identify capabilities in executable files.
g0mxxm/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
g0mxxm/dirsearch
Web path scanner
g0mxxm/frinet
Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures.
g0mxxm/ghidra-pyi-generator
Generates `.pyi` type stubs for the entire Ghidra API
g0mxxm/Havoc
The Havoc Framework.
g0mxxm/IoCs
Sophos-originated indicators-of-compromise from published reports
g0mxxm/KQL
Threat hunting queries for Microsoft 365 Defender and XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
g0mxxm/LL-RASP
Low-level RASP: Protecting Applications Implemented in High-level Programming Languages
g0mxxm/llvm-pass-plugin-skeleton
This is a detailed step-by-step description of how to compile an out-of-tree, dynamically linked LLVM pass plugin for the new pass manager on Windows x86_64, tested with LLVM 16.x
g0mxxm/llvm-tutor
A collection of out-of-tree LLVM passes for teaching and learning
g0mxxm/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages.
g0mxxm/proc-macro-workshop
Learn to write Rust procedural macros [Rust Latam conference, Montevideo Uruguay, March 2019]
g0mxxm/qiling
A True Instrumentable Binary Emulation Framework
g0mxxm/Rust-for-Malware-Development
This repository contains my complete resources and coding practices for malware development using Rust 🦀.
g0mxxm/rust-shellcode
windows-rs shellcode loaders
g0mxxm/RustRedOps
🦀 | RustRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Rust programming language.
g0mxxm/SecurityResearcher-Note
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
g0mxxm/sgn
Shikata ga nai (仕方がない) encoder ported into go with several improvements
g0mxxm/Static-Reverse-Engineering-SRE
SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
g0mxxm/sysmon-config
Sysmon configuration file template with default high-quality event tracing
g0mxxm/tiny_tracer
A Pin Tool for tracing API calls etc
g0mxxm/titan
Titan is a VMProtect devirtualizer
g0mxxm/venom-rs
Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
g0mxxm/vmprotect-3.5.1
g0mxxm/Yara-Rules
Repository of Yara Rules
g0mxxm/yaradbg-backend