Pinned Repositories
ADMMutate
Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
al-khaser
Public malware techniques used in the wild
antidebug
Collection Of Anti-Debugging Tricks
AntiDebugging
A collection of C++ programs that demonstrate the common Windows API functions to check if a debugger is present.
awesome-honeypots
an awesome list of honeypot resources
awesome-reversing
A curated list of awesome reversing resources
awesome-windows-exploitation
A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom
badusb2-mitm-poc
BadUSB 2.0 USB-HID MiTM POC
bamfdetect
Identifies and extracts information from bots and other malware
obfusion
Obfusion - C++ X86 Code Obfuscation Library
ror13h's Repositories
ror13h/obfusion
Obfusion - C++ X86 Code Obfuscation Library
ror13h/ADMMutate
Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
ror13h/awesome-honeypots
an awesome list of honeypot resources
ror13h/box-js
A tool for studying JavaScript malware.
ror13h/CaptainHook
CaptainHook is x86/x64 hook environment
ror13h/Cknife
Cknife
ror13h/Cyber-Defence
Information released publicly by NCC Group's Cyber Defence team
ror13h/demos
Demos of various techniques found in malware
ror13h/Ebowla
Framework for Making Environmental Keyed Payloads
ror13h/flare-vm
ror13h/HyperPlatform
Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.
ror13h/Loki
Loki - Simple IOC and Incident Response Scanner
ror13h/Malicious
ASM Malicious code - PE infector
ror13h/Matroschka
Python steganography tool to hide images or text in images
ror13h/MemoryMon
Detecting execution of kernel memory that is not backed by any image file
ror13h/metame
metame is a metamorphic code engine for arbitrary executables
ror13h/Mirai-Source-Code
Leaked Mirai Source Code for Research/IoC Development Purposes
ror13h/MorphAES
IDPS & SandBox & AntiVirus STEALTH KILLER. MorphAES is the world's first polymorphic shellcode/malware engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS, it's cross-platform as well and library-independent.
ror13h/NetshHelperBeacon
Example DLL to load from Windows NetShell
ror13h/pafishmacro
Pafish Macro is a Macro enabled Office Document to detect malware analysis systems and sandboxes. It uses evasion & detection techniques implemented by malicious documents.
ror13h/paradise
x86/x86-64 hooking library
ror13h/PowerShell-Suite
My musings with PowerShell
ror13h/Stitch
Python Remote Administration Tool
ror13h/TalosIntelPtDriver
ror13h/Toast
User-mode hook bypassing method
ror13h/VBoxHardenedLoader
VirtualBox VM detection mitigation loader
ror13h/VBShellCode
Making shellcode UD - https://osandamalith.com
ror13h/wlscrape
A tool for scraping the possible malware from the Wikileaks AKP leak
ror13h/xarch_shellcode
Cross Architecture Shellcode in C
ror13h/zer0m0n
zer0m0n driver for cuckoo sandbox