Pinned Repositories
aplib-ripper
Use this library to automatically extract PE files compressed with aplib from a binary blob.
CmdDesktopSwitch
CmdDesktopSwitch is a small utility that lists all Windows desktops and provides the option to switch between them. This can be used to identify and watch malware that has created a hidden desktop.
LocalShellExtParse
Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.
punbup
Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in Python; it's not just another wrapper around 7zip!
findyara-ida
IDA Python plugin to scan a binary with YARA rules
hashdb
Assortment of hashing algorithms used in malware
research
Research notes
herrcore's Repositories
herrcore/punbup
Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in Python; it's not just another wrapper around 7zip!
herrcore/aplib-ripper
Use this library to automatically extract PE files compressed with aplib from a binary blob.
herrcore/CmdDesktopSwitch
CmdDesktopSwitch is a small utility that lists all Windows desktops and provides the option to switch between them. This can be used to identify and watch malware that has created a hidden desktop.
herrcore/LocalShellExtParse
Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.
herrcore/Crawlic
Web recon tool (find temporary files, parse robots.txt, search some folders, Google dorks and search domains hosted on the same server)
herrcore/mac-dev-setup
A beginner's guide to setting up a development environment on Mac OS X
herrcore/apiscout
herrcore/bunitu_tests
Scripts for communication with Bunitu Trojan C&Cs
herrcore/CAPE
Malware Configuration And Payload Extraction
herrcore/dumpulator
An easy-to-use library for emulating code in minidump files.
herrcore/elfesteem
Automatically exported from code.google.com/p/elfesteem
herrcore/HexRaysPyTools
IDA Pro plugin which improves work with the HexRays decompiler and helps in the process of reconstructing structures and classes
herrcore/lumina_server
Local server for IDA Lumina feature
herrcore/Miscellaneous
Small programs and scripts that do not require their own repositories
herrcore/py-bing-search
Python Bing Search API
herrcore/smda
SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.
herrcore/stackstack
herrcore/mazedecoder
herrcore/mcrit
herrcore/picblocks
herrcore/RemillWorkshop
herrcore/xfg_analyzer
A Binary Ninja plugin that uses bruteforced XFG hashes to recover precise function prototypes
herrcore/yarix