Ghidra CI/CD to build and host a universal macOS Ghidra.app

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

GEF - GDB Enhanced Features for exploit devs & reversers

gooMBA is a Hex-Rays Decompiler plugin to simplify Mixed Boolean-Arithmetic (MBA) expressions

Official git repo for iodine dns tunnel

Threat Intel IoCs + bits and pieces of dark matter

Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Cli…

PingRAT secretly passes C2 traffic through firewalls using ICMP payloads.

Tools and Techniques for Blue Team / Incident Response

Malware Configuration And Payload Extraction

pfSense/OPNsense + Elastic Stack

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

A command line Windows API tracing tool for Golang binaries.

"Bob the Smuggler": A tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip file for…

Transparently tunnel your IP traffic through ICMP echo and reply packets.

A malware-analysis tool that identify the exact position and details of malicious content in binary files using external Anti-Virus scanners. Supports all AV scanners.

The Hunt for Malicious Strings

Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.

IDA Pro's FindCrypt ported to Ghidra, with an updated and customizable signature database

D-Eyes为M-SEC社区一款检测与响应工具

Ghidra analysis plugin to locate cryptographic constants

Pilot-Web：一款基于PythonFlask框架开发的前后端分离式渗透测试&漏洞挖掘Web靶场，内置WP与知识库的集成式教学靶场。

Small rust binary analysis helper for IDA.

Free vless-vmess-shadowsocks-trojan-xray-V2ray Configs Updating Every 5 minutes

🛰️✨ Free V2ray Configs , Updating Every 10 minutes.

Multi-platform auto-proxy client, supporting Sing-box, X-ray, TUIC, Hysteria, Reality, Trojan, SSH etc. It’s an open-source, secure and ad-free.

Deploy Trojan using a Serverless approach

在原版的基础上修改了显示 Trojan 配置信息转换为订阅内容。使用该脚本，你可以方便地将 Trojan 配置信息使用在线配置转换到 Clash 或 Singbox 等工具中。