Research code & papers from members of vx-underground.

Hide SMBIOS/disk/NIC serials from EFI bootkit

fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)

Radare2 and Frida better together.

A QR-Code that Crash Browser on Almost All O.S. (Windows, Mac, Android, Ios, etc.), also can crash some qr-code reader with malware protection Like Kaspersky Qr Reader. In some Cases can also crash…

Alternative Shellcode Execution Via Callbacks

Set of tools to analyze Windows sandboxes for exposed attack surface.

ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool

Materials for Windows Malware Analysis training (volume 1)

PageBuster - dump all executable pages of packed processes.

A plugin for ReClass.NET to function over a PCIe FPGA device

golang打包二进制进行免杀

(Windows/Linux/Mac) Remote Administration Tool

Disables the Windows Platform Binary Table (WPBT) in your UEFI firmware.

UFO: Predictive Detection of Concurrency Use-After-Free Vulnerabilities

A Trace Explorer for Reverse Engineers

Apple Continuity Protocol Reverse Engineering and Dissector

AccessCheck & GetNamedSecurityInfoA wrapper (duplicates current proc security token)

Windows - Weaponizing privileged file writes with the Update Session Orchestrator service

Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing

A small utility to modify the dynamic linker and RPATH of ELF executables

UNIX-like reverse engineering framework and command-line toolset.

The new Cuckoo Monitor.

The Alternative Fileless File System

Cygwin newlib mirror

msvcrt.lib for linking against msvcrt.dll on all versions of Windows

Collection Of Anti-Debugging Tricks

Windows memory hacking library