danielplohmann

apiscout

This project aims at simplifying Windows API import recovery on arbitrary memory dumps

smda

SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.

idascope

An IDA Pro extension for easier (malware) reverse engineering

mcrit

The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash algorithm in the context of code similarity.

empty_msvc

A collection of empty MSVC projects, compiled using various versions and configurations of Visual Studio.

docker-mcrit

Dockerized Setup for the MinHash-based Code Recognition & Investigation Toolkit (MCRIT)

mcrit-data

A collection of ready-to-use library code and symbols for the MinHash-based Code Relationship & Investigation Toolkit (MCRIT)

tars

The Threat Actor Rosetta Stone (TARS) is a public listing to keep track of who keeps calling which actor groups by which names.

gui-plugin-template

A template for cross-compatible GUI plugins (IDA, Ghidra, Binary Ninja, Cutter)

picblocks

malware_name_mapping

A mapping of used malware names to commonly known family names

bda

Programmer De-anonymization from Binary Executables

capa

The FLARE team's open-source tool to identify capabilities in executable files.

danielplohmann.github.io

Next iteration of a personal blog.

yarachecker

A helper utility for processing YARA results, as used by IDAscope.

awesome-ida-x64-olly-plugin

A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.

danielplohmann

lib2smda

Helper tool to use IDA Pro to convert lib files into SMDA format

MISP-dockerized

misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)

threat-research

Repository of tools, YARA rules, and code-snippets from Stairwell's research team.