Workshop Material on VM-based Deobfuscation

Binee: binary emulation environment

Miscellaneous tools written in Python, mostly centered around shellcodes.

Encase Script to parse harddrive for MFT data

Used to decode xor in zepto ransomware

ctf repo

Xori is an automation-ready disassembly and static analysis library for PE32, 32+ and shellcode

Zerokit (GAPZ rootkit)

Ghidra is a software reverse engineering (SRE) framework

https://twitter.com/itsreallynick/status/1120410950430089224

Keybase managed bots

golang exploration keybase chat JSON API

Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.

Load DLLs from memory with rust

Demo files for remote template injection of .dotm files into .docx

Golang PE injection on windows

A Pin Tool for tracing API calls etc

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

A free but powerful Windows kernel research tool.

Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)

APT & CyberCriminal Campaign Collection

Bringing you the best of the worst files on the Internet.

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Internals information about Hyper-V

Alternative Shellcode Execution Via Callbacks

THIS REPO IS OBSOLETE. USE https://github.com/rapid7/metasploit-payloads INSTEAD