peta909's Stars
Neo23x0/signature-base
YARA signature and IOC database for my scanners and tools
everdox/InfinityHook
Hook system calls, context switches, page faults and more.
monoxgas/sRDI
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
malrev/ABD
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
mdsecactivebreach/o365-attack-toolkit
A toolkit to attack Office365
d35ha/CallObfuscator
Obfuscate specific Windows APIs with different APIs
ctxis/CAPE
Malware Configuration And Payload Extraction
hugsy/defcon_27_windbg_workshop
DEFCON 27 workshop - Modern Debugging with WinDbg Preview
inforion/idapython-cheatsheet
Scripts and cheatsheets for IDAPython
MarioVilas/winappdbg
WinAppDbg Debugger
threatland/TL-TROJAN
A collection of source code for various RATs, Stealers, and other Trojans.
KelvinMsft/kHypervisor
kHypervisor is a lightweight bluepill-like nested VMM for Windows; it provides and emulates a basic function of Intel VT-x
MicrosoftDocs/sdk-api
Public contributions for win32 API documentation
you0708/ida
IDA related stuff
0xcpu/WinAltSyscallHandler
Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
airbus-seclab/ramooflax
a bare metal (type 1) VMM (hypervisor) with a python remote control API
fboldewin/COM-Code-Helper
Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code
SPTHvx/SPTH
Second Part To Hell's artworks: artificial (life/evolution/intelligence)
Karneades/malware-persistence
Collection of malware persistence and hunting information. Be a persistent persistence hunter!
1111joe1111/tuts
Reverse engineering tutorials
threatland/TL-FRAUD
A collection of fraud related tools for research.
DSecurity/crauEmu
crauEmu is an uEmu extension for developing and analyzing payloads for code-reuse attacks
Big5-sec/pcode2code
a vba pcode decompiler based on pcodedmp
sysopfb/malware_decoders
Static based decoders for malware samples
d00rt/emotet_network_protocol
yardenshafir/KernelDataStructureFinder
Driver and WinDBG scripts to dump information about all resources and lookaside lists
t3rabyt3-zz/Gozi
Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.
naim94a/rebasedcomment
Comment rebasing for IDA Pro
snemes/aplib
Module for decompressing aPLib compressed data
jacobsoo/MalConfig
This is part of a module for the framework that I'm constantly developing. Currently only information about the C2 is disclosed here.