g0mxxm
Security researcher focused on reverse engineering & malware, and may research other interesting things too! (๑^ں^๑)
CUMT
Pinned Repositories
Android-Malware-Sandbox
Android Malware Sandbox
Anti-Obfuscation
The tool can be used to eliminate redundant instructions in a basic block.
AntiDBG
A bunch of Windows anti-debugging tricks for x86 and x64.
APT_CyberCriminal_Campagin_Collections
APT & CyberCriminal Campaign Collection
APT_REPORT
Collection of interesting APT reports and selected IOCs
detect_malware_by_icon
Code to detect malware that masquerades as a document by inspecting its icon resource
HackerTools
A collection of virus techniques written with MFC
Malware_Analysis
Scripts I created and used during malware analysis
shellcode_extractor_for_maldoc
Code to extract shellcode from malicious documents (maldocs)
Visual-watermarking-system-based-on-digital-image
Design and implementation of a visible watermarking system for digital images (implements six digital watermarking algorithms: LSB, DCT, random interval, region check-bit, image degradation, and an improved image degradation algorithm)
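The Anti-Obfuscation repository above is described as eliminating redundant instructions inside a basic block. The following is an added example of that idea, written here for illustration; it is not code from g0mxxm/Anti-Obfuscation. It runs a peephole pass over a constructed textual x86 listing (not a real binary), using a small set of redundancy patterns chosen for this example (self-moves, arithmetic with 0, push/pop of the same register, a jump to the next instruction, and a register store immediately overwritten). Flag side effects are ignored, which is the usual trade-off such deobfuscators make.

```python
"""Peephole removal of redundant instructions within one basic block.

Added example, not code from g0mxxm/Anti-Obfuscation. Input is a constructed
listing of the form '0xADDR: mnemonic op1, op2 ; comment'. Flag effects of
add/sub/xor/or with 0 are deliberately ignored (assumed dead), as is typical
when stripping junk inserted by an obfuscator.
"""
import re
from dataclasses import dataclass


@dataclass
class Insn:
    addr: int
    mnem: str
    ops: tuple  # operand strings, lower-cased and stripped


def parse(listing: str) -> list:
    """Parse the textual listing into Insn records (comments after ';' dropped)."""
    out = []
    for line in listing.strip().splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        addr, rest = line.split(":", 1)
        parts = rest.strip().split(None, 1)
        mnem = parts[0].lower()
        ops = tuple(o.strip().lower() for o in parts[1].split(",")) if len(parts) > 1 else ()
        out.append(Insn(int(addr, 16), mnem, ops))
    return out


# Arithmetic/logic ops whose effect with an immediate 0 is nil (flags ignored).
NOOP_WITH_ZERO = {"add", "sub", "xor", "or", "shl", "shr", "rol", "ror"}


def is_nop(ins: Insn) -> bool:
    """Single-instruction redundancy: nop, mov/xchg r,r, op r,0, lea r,[r]."""
    m, o = ins.mnem, ins.ops
    if m == "nop":
        return True
    if m in ("mov", "xchg") and len(o) == 2 and o[0] == o[1]:
        return True
    if m in NOOP_WITH_ZERO and len(o) == 2 and o[1] in ("0", "0x0"):
        return True
    if m == "lea" and len(o) == 2 and o[1] == f"[{o[0]}]":
        return True
    return False


def reads_reg(reg: str, operand: str) -> bool:
    """Crude check whether a register name occurs in an operand (e.g. '[eax+4]')."""
    return re.search(r"\b" + re.escape(reg) + r"\b", operand) is not None


def simplify_block(block: list) -> list:
    """Iterate peephole rules to a fixpoint; removing one pattern can expose another."""
    changed = True
    while changed:
        changed = False
        out, i = [], 0
        while i < len(block):
            ins = block[i]
            nxt = block[i + 1] if i + 1 < len(block) else None
            if is_nop(ins):
                i, changed = i + 1, True
                continue
            # push R ; pop R  (register operand only) cancels out.
            if (nxt and ins.mnem == "push" and nxt.mnem == "pop"
                    and ins.ops == nxt.ops and len(ins.ops) == 1 and ins.ops[0].isalnum()):
                i, changed = i + 2, True
                continue
            # mov R, X ; mov R, Y  with Y not reading R: the first store is dead.
            if (nxt and ins.mnem == "mov" and nxt.mnem == "mov"
                    and len(ins.ops) == 2 and len(nxt.ops) == 2
                    and ins.ops[0] == nxt.ops[0] and ins.ops[0].isalnum()
                    and not reads_reg(ins.ops[0], nxt.ops[1])):
                i, changed = i + 1, True
                continue
            # jmp to the immediately following instruction does nothing.
            if (nxt and ins.mnem == "jmp" and len(ins.ops) == 1
                    and ins.ops[0].startswith("0x") and int(ins.ops[0], 16) == nxt.addr):
                i, changed = i + 1, True
                continue
            out.append(ins)
            i += 1
        block = out
    return block


def deobfuscate(listing: str) -> list:
    """Parse, simplify, and render the surviving instructions as text."""
    return [f"{ins.mnem} {', '.join(ins.ops)}".strip() for ins in simplify_block(parse(listing))]


# Constructed sample block: junk instructions wrapped around three real ones.
SAMPLE = """
0x401000: push eax
0x401001: mov ebx, ebx
0x401003: add ecx, 0
0x401006: pop eax
0x401007: jmp 0x401009
0x401009: mov edx, 0x11223344   ; dead: overwritten below
0x40100e: mov edx, [ebp+8]
0x401011: xor esi, 0
0x401014: lea edi, [edi]
0x401016: mov eax, edx
0x401018: sub esp, 8
"""

if __name__ == "__main__":
    for line in deobfuscate(SAMPLE):
        print(line)
```

The push/pop rule only fires once the junk between the pair has been removed, which is why the pass loops to a fixpoint rather than making a single sweep.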
g0mxxm's Repositories
g0mxxm/Anti-Obfuscation
The tool can be used to eliminate redundant instructions in a basic block.
g0mxxm/shellcode_extractor_for_maldoc
Code to extract shellcode from malicious documents (maldocs)
g0mxxm/detect_malware_by_icon
Code to detect malware that masquerades as a document by inspecting its icon resource
g0mxxm/AV-Bypass-Learning
AV evasion study notes
g0mxxm/BypassAV
This map lists the essential techniques to bypass anti-virus and EDR
g0mxxm/capa
The FLARE team's open-source tool to identify capabilities in executable files.
g0mxxm/D1rkLdr
Shellcode loader with indirect dynamic syscalls: shellcode stored in MAC-address format, API resolution from the PEB, and syscall numbers and syscall instruction addresses resolved at run time
g0mxxm/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
g0mxxm/dirsearch
Web path scanner
g0mxxm/frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
g0mxxm/g0mx_blog
g0mxxm/ghidra
Ghidra is a software reverse engineering (SRE) framework
g0mxxm/ghidra-pyi-generator
Generates `.pyi` type stubs for the entire Ghidra API
g0mxxm/HadesLdr
Shellcode loader implementing indirect dynamic syscalls, API hashing, and fileless shellcode retrieval over Winsock2
g0mxxm/IoCs
Sophos-originated indicators-of-compromise from published reports
g0mxxm/Kernel-Process-Hollowing
Windows x64 kernel-mode rootkit process hollowing PoC.
g0mxxm/KQL
Threat hunting queries for Microsoft 365 Defender / XDR: out-of-the-box KQL hunting queries covering apps, email, identity and endpoints.
g0mxxm/LL-RASP
Low-level RASP: Protecting Applications Implemented in High-level Programming Languages
g0mxxm/llvm-pass-plugin-skeleton
A detailed step-by-step description of how to build, out of tree, a dynamically linked LLVM pass plugin for the new pass manager on Windows x86_64, tested with LLVM 16.x
g0mxxm/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages.
g0mxxm/r2elk
Radare2 Metadata Extraction to Elasticsearch
g0mxxm/rules
Repository of yara rules
g0mxxm/rust-shellcode
windows-rs shellcode loaders
g0mxxm/SecurityResearcher-Note
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
g0mxxm/Sekiryu
Comprehensive toolkit for Ghidra headless.
g0mxxm/Static-Reverse-Engineering-SRE
SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
g0mxxm/SweetDreams
Implementation of Advanced Module Stomping and Heap/Stack Encryption
g0mxxm/sysmon-config
Sysmon configuration file template with default high-quality event tracing
g0mxxm/titan
Titan is a VMProtect devirtualizer
g0mxxm/volatility3
Volatility 3.0 development