t-mtsmt's Stars
mandiant/flare-vm
A collection of software installation scripts for Windows systems that allows you to easily set up and maintain a reverse engineering environment on a VM.
BC-SECURITY/Empire
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
andrew-d/static-binaries
Various *nix tools built as statically-linked binaries
hasherezade/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
hasherezade/pe_to_shellcode
Converts PE into a shellcode
hasherezade/hollows_hunter
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
kevoreilly/CAPEv2
Malware Configuration And Payload Extraction
Rurik/Noriben
Noriben - Portable, Simple, Malware Analysis Sandbox
CCob/SharpBlock
A method of bypassing EDR active protection DLLs by preventing entry point execution
elastic/protections-artifacts
Elastic Security detection content for Endpoint
SafeBreach-Labs/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
joshhighet/ransomwatch
the transparent ransomware claim tracker 🥷🏼🧅🖥️
DissectMalware/XLMMacroDeobfuscator
Extract and deobfuscate XLM macros (a.k.a. Excel 4.0 macros)
leesh3288/WinPwn
Windows Pwnable Study
Ignitetechnologies/Windows-Privilege-Escalation
d4rksystem/VBoxCloak
A PowerShell script that attempts to help malware analysts hide their VirtualBox Windows VMs from malware that may be trying to evade analysis. Guaranteed to bring down your pafish ratings by at least a few points ;)
d4rksystem/VMwareCloak
A PowerShell script that attempts to help malware analysts hide their VMware Windows VMs from malware that may be trying to evade analysis.
VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
cocomelonc/meow
Cybersecurity research results. Simple C/C++ and Python implementations
mandiant/VM-Packages
Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.
JPCERTCC/jpcert-yara
JPCERT/CC public YARA rules repository
CAPESandbox/community
Community modules for CAPE Sandbox
RedSiege/What-The-F
This repo hosts a PoC of how to execute F# code within an unmanaged process
Wenzel/packer-flare
Packer templates to build your FLARE VM from scratch
LucaBarile/CVE-2022-38604
Exploits and reports for CVE-2022-38604