benzo-benzin

attack-git

carbanak_source_code_leak

Carbanak source code leak.

DBI

Files for http://deniable.org/reversing/binary-instrumentation

EasyHook

EasyHook - The reinvention of Windows API Hooking

EfiGuard

Disable PatchGuard and DSE at boot time

EquationGroupLeak

Archive of leaked Equation Group materials

EvilOSX

An evil RAT (Remote Administration Tool) for macOS / OS X.

FirmWire

FirmWire is a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares

IAT-Hooking-Revisited

Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.

icloak

A DKOM hiding stuff for Linux, FreeBSD and NetBSD.

injectAllTheThings

Seven different DLL injection techniques in one single project.

JReFrameworker

A practical tool for bytecode manipulation and creating Managed Code Rootkits (MCRs) in the Java Runtime Environment

LiME

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquiring memory either to the file system of the device or over the network. LiME is unique in that it is the first tool that allows full memory captures from Android devices. It also minimizes its interaction between user and kernel space processes during acquisition, which allows it to produce memory captures that are more forensically sound than those of other tools designed for Linux memory acquisition.

linux

Linux kernel source tree

MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

membugtool

A DBI tool to discover heap memory related bugs

mimipenguin

A tool to dump the login password from the current linux user

Process-Hollowing

Great explanation of Process Hollowing (a Technique often used in Malware)

Proof-of-Concept-Collection

Collection of open source Malware Techniques distributed online

PS4-4.05-Kernel-Exploit

A fully implemented kernel exploit for the PS4 on 4.05FW

PS4-5.05-Kernel-Exploit

A fully implemented kernel exploit for the PS4 on 5.05FW

Reptile

LKM Linux rootkit

s6_pcie_microblaze

PCI Express DIY hacking toolkit for Xilinx SP605

sinkhole

Architectural privilege escalation on x86

syscall-rootkit

Just a proof of concept Linux rootkit that reads from syscalls.

tamiflex

TamiFlex facilitates static analysis of programs that use reflection and custom class loaders

Trident

UEFITool

UEFI firmware image viewer and editor

VXUG-Papers

Research code & papers from members of vx-underground.

WinAllocTracer

Pintool that logs and tracks calls to RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, VirtualAllocEx, and VirtualFreeEx.