Bootkit sample for firmware attack

Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.

Use YARA rules on Time Travel Debugging traces

Nidhogg is an all-in-one simple to use rootkit.

Source code for the blog post "Ransomware in the honeypot: how we capture keys with sticky canary files"

x86 malware emulator

SCEMU The crates.io lib, x86 cpu and systems emulator focused mainly for anti-malware

PySCEmu, python support for rust emulator libscemu

Native Python3 bindings for @horsicq's Detect-It-Easy

Process Injection using Thread Name