W3ndige
Follow
Stars
Lightweight type-1 hypervisor offering a foundation for building advanced security-focused functionality.
The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes
Mapping XProtect's obfuscated malware family names to common industry names.
Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua
A tool that automates regex generation for the x86 and x86-64 instruction sets
Python bindings for Win32 API generated from win32metadata.
Tooling to generate metadata for Win32 APIs in the Windows SDK.
Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Provides automated reverse engineering assistance through the use of local large language models (LLMs) on consumer hardware.
GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, GnuTLS, SChannel, WinSock and Linux Sockets out of the box. ⚡
Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock(利用NtCreateFile和NtDeviceIoControlFile 实现winsock的功能)
Quickly find differences and similarities in disassembled code
A collection of ready-to-use library code and symbols for the MinHash-based Code Relationship & Investigation Toolkit (MCRIT)
The Grimoire Hypervisor solution for x86 Processors with experimental nested virtualization support.
The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
Simplification of General Mixed Boolean-Arithmetic Expressions: GAMBA
Binary Ninja plugin to identify obfuscated code and other interesting code constructs
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
dr4k0nia / de4dot
Forked from de4dot/de4dot.NET deobfuscator and unpacker.
.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.