K2's repositories
ADMMutate
Classic code from 1999+. I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry, I lost the PPC code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
LanguageBackdoors
Compiler exploits and exploitable non-obvious source code back doors.
Reloc
Transform dumped executable memory back into an identical match from disk. Use network or local database to de-locate relocated binaries and ensure a cryptographically secure hash match for code running on your legacy systems. A client tool that downloads relocation data for various PE files. This ensures when extracting data from memory dumps that you can match memory to disk files precisely.
CapstoneCore
CoreCLR 64-bit Capstone bindings
HashServer
A Kestrel app server provides a just-in-time JitHash white list. The client is in PowerShell and can be used to test remote system memory for unknown code. Rendered docs are here: https://K2.github.io/HashServer/
blackhat-arsenal-tools
Official Black Hat Arsenal Security Tools Repository
awesome-forensics
A curated list of awesome forensic analysis tools and resources
awesome-malware-analysis
A curated list of awesome malware analysis tools and resources
awesome-incident-response
A curated list of tools for incident response
Capstone.NET
C# 64-bit binding for Capstone
CRoaring
Roaring bitmaps in C (and C++)
inVtero.net
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques
K2.github.io
Public projects I'm able to release as open source projects
metaflow
Build and manage real-life data science projects with ease!
oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
php-src
The PHP Interpreter
storage-blob-dotnet-getting-started
The getting started sample demonstrates how to perform common tasks using the Azure Blob Service in .NET including uploading a blob, CRUD operations, listing, as well as blob snapshot creation.
syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
xdna-driver
forked