t-mtsmt

t-mtsmt's Stars

• mandiant/flare-vm

  A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

  Language:PowerShell6k201500879

• BC-SECURITY/Empire

  Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

  Language:PowerShell4k103391559

• andrew-d/static-binaries

  Various *nix tools built as statically-linked binaries

  Language:Shell3k6434547

• hasherezade/pe-sieve

  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

  Language:C++2.9k10190417

• hasherezade/pe_to_shellcode

  Converts PE into a shellcode

  Language:C++2.2k5539415

• hasherezade/hollows_hunter

  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

  Language:C1.9k6415249

• kevoreilly/CAPEv2

  Malware Configuration And Payload Extraction

  Language:Python1.7k65658383

• Rurik/Noriben

  Noriben - Portable, Simple, Malware Analysis Sandbox

  Language:Python1.1k9045223

• CCob/SharpBlock

  A method of bypassing EDR's active projection DLL's by preventing entry point exection

  Language:C#1.1k2010153

• elastic/protections-artifacts

  Elastic Security detection content for Endpoint

  Language:YARA904479102

• SafeBreach-Labs/PoolParty

  A set of fully-undetectable process injection techniques abusing Windows Thread Pools

  Language:C++820122115

• joshhighet/ransomwatch

  the transparent ransomware claim tracker 🥷🏼🧅🖥️

  Language:HTML7984894123

• DissectMalware/XLMMacroDeobfuscator

  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

  Language:Python5632361113

• leesh3288/WinPwn

  Windows Pwnable Study

  Language:Python29816033

• Ignitetechnologies/Windows-Privilege-Escalation

  2977066

• d4rksystem/VBoxCloak

  A PowerShell script that attempts to help malware analysts hide their Windows VirtualBox Windows VM's from malware that may be trying to evade analysis. Guaranteed to bring down your pafish ratings by at least a few points ;)

  Language:PowerShell2617327

• d4rksystem/VMwareCloak

  A PowerShell script that attempts to help malware analysts hide their VMware Windows VM's from malware that may be trying to evade analysis.

  Language:PowerShell2577353

• VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls

  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

  Language:C1274018

• cocomelonc/meow

  Cybersecurity research results. Simple C/C++ and Python implementations

  Language:C1256135

• mandiant/VM-Packages

  Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

  Language:PowerShell120943761

• JPCERTCC/jpcert-yara

  JPCERT/CC public YARA rules repository

  Language:YARA951408

• CAPESandbox/community

  Community modules for CAPE Sandbox

  Language:Python7991346

• RedSiege/What-The-F

  This repo hosts a poc of how to execute F# code within an unmanaged process

  Language:C++635110

• Wenzel/packer-flare

  Packer templates to build your FLARE VM from scratch

  Language:PowerShell3319

• LucaBarile/CVE-2022-38604

  Exploits and reports for CVE-2022-38604

  Language:C++1101