RME-DisCo Research Group

Official repository of RME, a part of the DisCo research group from University of Zaragoza focused on software and systems security

Zaragoza, Spain

Pinned Repositories

APOTHEOSIS
A specialized implementation of the Hierarchical Navigable Small World (HNSW) data structure adapted for efficient nearest neighbor lookup of approximate matching hashes
Language:Python9 1 03
instant-messaging-artifact-finder
Tool to find memory artifacts present in instant messaging applications.
Language:Python10 3 12
modex
Volatility 3 plugins to extract a module as complete as possible
Language:Python12 2 00
pinVMShield
A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques
Language:C++11 3 02
processfuzzyhash
Volatility plugin to calculate and compare Windows processes fuzzy hashes
Language:Python7 2 01
rop3
A tool to search for gadgets, operations, and ROP chains using a backtracking algorithm in a tree-like structure
Language:Python19 3 60
sigcheck
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
Language:Python21 4 54
winapi-categories
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
Language:Python21 1 12
windows-memory-extractor
Tool to extract contents from the memory of Windows systems.
Language:C++14 3 23
winesap
Volatility plugin to search for all Autostart Extensibility Points (AESPs)
Language:Python10 2 10

RME-DisCo Research Group's Repositories

reverseame/sigcheck
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
Language:Python21 4 54
reverseame/winapi-categories
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
Language:Python21 1 12
reverseame/rop3
A tool to search for gadgets, operations, and ROP chains using a backtracking algorithm in a tree-like structure
Language:Python19 3 60
reverseame/windows-memory-extractor
Tool to extract contents from the memory of Windows systems.
Language:C++14 3 23
reverseame/modex
Volatility 3 plugins to extract a module as complete as possible
Language:Python12 2 00
reverseame/pinVMShield
A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques
Language:C++11 3 02
reverseame/instant-messaging-artifact-finder
Tool to find memory artifacts present in instant messaging applications.
Language:Python10 3 12
reverseame/winesap
Volatility plugin to search for all Autostart Extensibility Points (AESPs)
Language:Python10 2 10
reverseame/APOTHEOSIS
A specialized implementation of the Hierarchical Navigable Small World (HNSW) data structure adapted for efficient nearest neighbor lookup of approximate matching hashes
Language:Python9 1 03
reverseame/processfuzzyhash
Volatility plugin to calculate and compare Windows processes fuzzy hashes
Language:Python7 2 01
reverseame/MOSTO-Modbus-simulator
MOSTO is a SCADA network device simulator based on ModbusTCP communications. Based on Python3
Language:Python6 2 23
reverseame/MALVADA
MALVADA: Malware Execution Traces Dataset generation.
Language:Python5 2 02
reverseame/malscan
Volatility plugin to detect malicious code thanks to ClamAV
Language:Python3 2 01
reverseame/cape-hook-generator
CAPEv2 (capemon) hook skeleton generator (hookdefs) for your malware analysis needs.
Language:Python2 1 0
reverseame/capemon
capemon: CAPE's monitor
Language:C2 0 00
reverseame/MANTILLA
...
Language:Jupyter Notebook2 2 00
reverseame/similarity-unrelocated-module
Volatility plugin to yield and compare similarity digest of modules on execution.
Language:Python2 2 10
reverseame/chiton
Chiton is a Python library to exfiltrate data encapsulating the data into IoT protocol’s packets
Language:Python1 1 00
reverseame/KeyReaper
KeyReaper: Memory Forensic Driven Key Extraction
Language:C++1
reverseame/Secure_Socket
C++ Sockets implementing hybrid encryption
Language:C++1 2 11
reverseame/windows-behavior-catalog
Windows Behavior Catalog (WBC) is a collection of fundamental behaviors for Windows OS, represented as a sequence of Windows API and/or syscalls.
Language:C++1
reverseame/Characterizing-TTPs-in-the-macOS-Threat-Landscape
Source data and Scripts used for the paper: Characterizing Tactics, Techniques, and Procedures in the macOS Threat Landscape
Language:Python
reverseame/EvalMe
EvalMe: an evaluation and benchmarking tool
Language:Python2 01
reverseame/exploring-ZeroShot-LLM-DGA
A framework for evaluating Large Language Models in zero-shot detection of Algorithmically Generated Domains (AGDs) used by malware for Command and Control communication.
Language:Python
reverseame/LLM-DGA-lab
Framework for evaluating Large Language Models in zero-shot detection of Algorithmically Generated Domains (AGDs). Supports 9 LLMs across 4 vendors with binary/multiclass classification and reproducible experiments.
Language:Python
reverseame/MalGraphIQ
Transform your malware sandbox reports and execution traces into behavior and category graphs and plot their Windows Behavior Catalog (WBC) behavior identification.
Language:Python1
reverseame/RAMPAGE
RAMPAGE is a framework aimed at training and comparing machine learning models for the detection of Algorithmically Generated Domains.
Language:Python1 0
reverseame/rme-Python-toolkit
A collection of Python tools developed and maintained by the Reverseame research group.
Language:Python
reverseame/sum-plugin
Volatility 2.6 plugin to undo modifications done by relocation process on modules
Language:Python1 01
reverseame/synoptic
Synoptic: Concolic execution for network protocol inference
Language:Python