UNIX-like reverse engineering framework and command-line toolset
Updated May 29, 2024 - C
State-of-the-art native debugging tool
This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.
The PE file analysis toolkit
Awesome CSIRT is a curated list of links and resources for security and CSIRT daily activities.
Cybersecurity research results. Simple C/C++ and Python implementations
XZ backdoor reverse engineering
A project for building Linux && IoT Malware for fun and profit
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
InfoSec Binary Hex Editor with Retro Disassemblers
A simple C program with stubs, allowing one to dynamically debug the backdoor included in liblzma
Hiew External Module (HEM) to copy a marked block in multiple formats
Hiew External Module (HEM) to calculate CRC-32, MD5, SHA-1, and SHA-256 hashes of a given file/block
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.
Corana is a Dynamic Symbolic Execution Engine for ARM Cortex-M aiming to incrementally reconstruct the precise Control Flow Graph (CFG) of IoT malware under the presence of obfuscation techniques e.g., indirect jumps and opaque predicates
Dynamic unpacker based on PE-sieve
Version Masamunpe for Linux
Unmapper is a powerful tool that allows you to easily dump mapped PE files by hooking WriteProcessMemory.
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".