RME-DisCo Research Group

Official repository of RME, a part of the DisCo research group from University of Zaragoza focused on software and systems security

Zaragoza, Spain

Pinned Repositories

instant-messaging-artifact-finder
Tool to find memory artifacts present in instant messaging applications.
Language:Python9 2 12
modex
Volatility 3 plugins to extract a module as complete as possible
Language:Python10 2 00
MOSTO-Modbus-simulator
MOSTO is a SCADA network device simulator based on ModbusTCP communications. Based on Python3
Language:Python6 2 23
pinVMShield
A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques
Language:C++9 4 02
processfuzzyhash
Volatility plugin to calculate and compare Windows processes fuzzy hashes
Language:Python8 3 01
rop3
A tool to search for gadgets, operations, and ROP chains using a backtracking algorithm in a tree-like structure
Language:Python14 5 60
sigcheck
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
Language:Python18 5 54
winapi-categories
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
Language:Python10 2 01
windows-memory-extractor
Tool to extract contents from the memory of Windows systems.
Language:C++14 3 22
winesap
Volatility plugin to search for all Autostart Extensibility Points (AESPs)
Language:Python9 3 10

RME-DisCo Research Group's Repositories

reverseame/sigcheck
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
Language:Python18 5 54
reverseame/rop3
A tool to search for gadgets, operations, and ROP chains using a backtracking algorithm in a tree-like structure
Language:Python14 5 60
reverseame/windows-memory-extractor
Tool to extract contents from the memory of Windows systems.
Language:C++14 3 22
reverseame/modex
Volatility 3 plugins to extract a module as complete as possible
Language:Python10 2 00
reverseame/winapi-categories
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
Language:Python10 2 01
reverseame/instant-messaging-artifact-finder
Tool to find memory artifacts present in instant messaging applications.
Language:Python9 2 12
reverseame/pinVMShield
A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques
Language:C++9 4 02
reverseame/winesap
Volatility plugin to search for all Autostart Extensibility Points (AESPs)
Language:Python9 3 10
reverseame/processfuzzyhash
Volatility plugin to calculate and compare Windows processes fuzzy hashes
Language:Python8 3 01
reverseame/APOTHEOSIS
A specialized implementation of the Hierarchical Navigable Small World (HNSW) data structure adapted for efficient nearest neighbor lookup of approximate matching hashes
Language:Python6 1 01
reverseame/MOSTO-Modbus-simulator
MOSTO is a SCADA network device simulator based on ModbusTCP communications. Based on Python3
Language:Python6 2 23
reverseame/malscan
Volatility plugin to detect malicious code thanks to ClamAV
Language:Python3 3 01
reverseame/residentmem
Volatility plugin to obtain the number of the resident memory pages per module (exe or dll) and per driver from a Windows memory dump.
Language:Python2 3 00
reverseame/similarity-unrelocated-module
Volatility plugin to yield and compare similarity digest of modules on execution.
Language:Python2 3 10
reverseame/asistencia-aula-EINA-telegram-bot
Bot de Telegram para facilitar la entrada de datos de asistencia presencial en aulas de la EINA
Language:Python1 2 1
reverseame/cape-hook-generator
CAPEv2 (capemon) hook skeleton generator (hookdefs) for your malware analysis needs.
Language:Python1 1 0
reverseame/capemon
capemon: CAPE's monitor
Language:C1 0 00
reverseame/chiton
Chiton is a Python library to exfiltrate data encapsulating the data into IoT protocol’s packets
Language:Python1 1 00
reverseame/dumd-mixer
Dump Module Mixer (dumd-mixer) is a Python script to generate a module from the same module extracted from a collection of memory dumps.
Language:Python1 3 0
reverseame/MALVADA
MALVADA: Malware Execution Traces Dataset generation.
Language:Python1 2 00
reverseame/MANTILLA
...
Language:Jupyter Notebook1 2 00
reverseame/Secure_Socket
C++ Sockets implementing hybrid encryption
Language:C++1 2 11
reverseame/EvalMe
EvalMe: an evaluation and benchmarking tool
Language:Python3 01
reverseame/openssl
TLS/SSL and crypto library
Language:C1 0
reverseame/RAMPAGE
RAMPAGE is a framework aimed at training and comparing machine learning models for the detection of Algorithmically Generated Domains.
Language:Python2 0
reverseame/sum-plugin
Volatility 2.6 plugin to undo modifications done by relocation process on modules
Language:Python1 01

RME-DisCo Research Group

Pinned Repositories

instant-messaging-artifact-finder

modex

MOSTO-Modbus-simulator

pinVMShield

processfuzzyhash

rop3

sigcheck

winapi-categories

windows-memory-extractor

winesap

RME-DisCo Research Group's Repositories

reverseame/sigcheck

reverseame/rop3

reverseame/windows-memory-extractor

reverseame/modex

reverseame/winapi-categories

reverseame/instant-messaging-artifact-finder

reverseame/pinVMShield

reverseame/winesap

reverseame/processfuzzyhash

reverseame/APOTHEOSIS

reverseame/MOSTO-Modbus-simulator

reverseame/malscan

reverseame/residentmem

reverseame/similarity-unrelocated-module

reverseame/asistencia-aula-EINA-telegram-bot

reverseame/cape-hook-generator

reverseame/capemon

reverseame/chiton

reverseame/dumd-mixer

reverseame/MALVADA

reverseame/MANTILLA

reverseame/Secure_Socket

reverseame/EvalMe

reverseame/openssl

reverseame/RAMPAGE

reverseame/sum-plugin