g0mx's repositories
APT_REPORT
Interesting APT report collection and some special IOC expressions
function-identification
This project demonstrates how a convolutional neural network can be used to detect the boundaries of a function in compiled code
Android-Malware-Sandbox
Android Malware Sandbox
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
sRDI
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
rgat
An instruction trace visualisation tool for dynamic program analysis
VmwareHardenedLoader
VMware hardened-VM detection mitigation loader (anti-anti-VM)
Tai-e-assignments
Tai-e assignments for static program analysis
Mua-Remote-Control-Trojan
MUA remote-control trojan (RAT)
GhidraSnippets
Python snippets for Ghidra's Program and Decompiler APIs
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
lopqto.github.io
Personal blog
rust-mordor-rs
Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library
Process-Dump
Windows tool for dumping malware PE files from memory back to disk for analysis.
BypassAntiVirus
A series of articles on RAT anti-virus evasion with accompanying tools. It collects and tests dozens of evasion tools found on the Internet, 113 whitelisted-binary evasion methods, 8 source-compilation evasion techniques and several practical evasion techniques, measuring the evasion result of each one, as a reference both for RAT evasion and for AV software countering evasion.
SysWhispers2
AV/EDR evasion via direct system calls.
Jlaive-1
Antivirus evasion tool (crypter) that converts executables into undetectable batch files.
theZoo
A repository of LIVE malware for your own joy and pleasure. theZoo is a project created to make malware analysis open and available to the public.
cpploader
c++ shellcode loader
Jlaive
.NET Antivirus Evasion Tool (Exe2Bat)
vbe-decoder
A Python3 script to decode an encoded VBScript file, often seen with a .vbe file extension
windows_baseline
Windows hardening baseline (Excel spreadsheet) and check scripts
awesome-malware-analysis
Defund the Police.
NetRipper
NetRipper - Smart traffic sniffing for penetration testers
LD_PRELOAD-accept-backdoor
Code samples to go along with the blog post on how to create an LD_PRELOAD backdoor hooking accept()
GolangBypassAV
Research into various ways of bypassing AV with Golang
llvmanalyzer
On top of retdec, an open-source decompiler built on the LLVM compiler framework, the author integrated the klee symbolic execution tool. A symbolic execution engine dynamically simulates the decompiled LLVM IR (intermediate representation) to run the original program; every reference in x86 thiscall-style functions to an offset from the this-pointer structure (i.e. the rcx register, the "this struct" for short) is instrumented, and the collected references are analysed and summarised to automatically identify the concrete contents of the this struct, which is then automatically imported into IDA to assist analysis.
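As an added illustration of the summarising step described above (not llvmanalyzer's own code): llvmanalyzer gathers the this-pointer references by symbolically executing retdec's LLVM IR, whereas this Python example scrapes rcx-relative memory operands from a constructed Intel-syntax x86-64 listing and turns the observed offsets and access widths into a C struct skeleton, inserting padding for untouched bytes and flagging offsets whose address is only taken (lea) or that are accessed at more than one width. The listing, the field naming scheme and the `this_struct` name are all assumptions made for the example.

```python
"""Recover a `this` structure layout from rcx-relative memory accesses.

Added example, not llvmanalyzer's code: llvmanalyzer gathers these references
by symbolically executing retdec's LLVM IR; here they are scraped from a
constructed Intel-syntax x86-64 listing so the summarising step runs offline.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Operand-size prefixes as emitted by IDA / objdump Intel syntax.
WIDTHS = {"byte": 1, "word": 2, "dword": 4, "qword": 8}
TYPES = {1: "uint8_t", 2: "uint16_t", 4: "uint32_t", 8: "uint64_t", 16: "__m128"}

# Matches "[rcx]", "[rcx+8]", "[rcx+0Ch]", "dword ptr [rcx + 0x10]", ...
MEM_RE = re.compile(
    r"(?:(byte|word|dword|qword)\s+ptr\s+)?"
    r"\[\s*rcx\s*(?:\+\s*(0x[0-9a-f]+|[0-9a-f]+h|\d+))?\s*\]",
    re.I,
)


@dataclass
class Access:
    offset: int
    width: Optional[int]   # None: address taken (lea) or width not derivable
    insn: str


def parse_disp(s: Optional[str]) -> int:
    """Displacement in IDA ("0Ch", "10h"), C ("0x10") or decimal form."""
    if s is None:
        return 0
    s = s.lower()
    if s.endswith("h"):
        return int(s[:-1], 16)
    return int(s, 16) if s.startswith("0x") else int(s, 10)


def reg_width(reg: str) -> Optional[int]:
    """Operand size implied by a general-purpose or xmm register name."""
    reg = reg.lower()
    for pat, w in ((r"r(8|9|1[0-5])", 8), (r"r(8|9|1[0-5])d", 4),
                   (r"r(8|9|1[0-5])w", 2), (r"r(8|9|1[0-5])b", 1),
                   (r"r[a-z]{2}", 8), (r"e[a-z]{2}", 4),
                   (r"[a-d]x|[sd]i|[sb]p", 2), (r"[a-d][lh]|[sd]il|[sb]pl", 1),
                   (r"xmm\d+", 16)):
        if re.fullmatch(pat, reg):
            return w
    return None


def parse_listing(text: str) -> list:
    """Collect every rcx-relative access with its offset and byte width."""
    accesses = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop trailing comments
        m = MEM_RE.search(line) if line else None
        if not m:
            continue                                  # not an rcx-relative access
        parts = line.split(None, 1)
        mnemonic = parts[0].lower()
        operands = [o.strip() for o in parts[1].split(",")] if len(parts) > 1 else []
        if mnemonic == "lea":                         # address of a member, no width
            width = None
        elif m.group(1):                              # explicit size prefix
            width = WIDTHS[m.group(1).lower()]
        else:                                         # derive from the register operand
            regs = [o for o in operands if "[" not in o]
            width = reg_width(regs[0]) if regs else None
        accesses.append(Access(parse_disp(m.group(2)), width, line))
    return accesses


def build_layout(accesses: list) -> dict:
    """Group accesses by offset, remembering all widths seen at each one."""
    fields = {}
    for a in accesses:
        f = fields.setdefault(a.offset, {"widths": set(), "count": 0})
        f["count"] += 1
        if a.width is not None:
            f["widths"].add(a.width)
    return dict(sorted(fields.items()))


def render_struct(layout: dict, name: str = "this_struct") -> str:
    """Emit a C struct skeleton with padding for bytes never touched."""
    lines, cursor = [f"struct {name} {{"], 0
    for off, f in layout.items():
        if off > cursor:
            lines.append(f"    uint8_t pad_{cursor:x}[{off - cursor}];")
            cursor = off
        elif off < cursor:
            lines.append(f"    // 0x{off:x} overlaps the previous field")
        if f["widths"]:
            w = max(f["widths"])                      # widest access wins
            note = f"  // also accessed as {sorted(f['widths'])} bytes" if len(f["widths"]) > 1 else ""
            lines.append(f"    {TYPES[w]} field_{off:x};{note}  // {f['count']} refs")
            cursor = off + w
        else:
            lines.append(f"    // 0x{off:x}: address taken only (embedded object or array)")
    lines.append(f"}}; // observed size >= 0x{cursor:x}")
    return "\n".join(lines)


# Constructed listing of a method with `this` in rcx; not taken from any binary.
SAMPLE = """
mov     rax, qword ptr [rcx]        ; vtable pointer
mov     edx, dword ptr [rcx+8]
mov     byte ptr [rcx+0Ch], 1
movzx   eax, byte ptr [rcx+0Ch]
lea     rdx, [rcx+10h]              ; address of an embedded member
mov     rax, [rcx+20h]
mov     ax, word ptr [rcx+28h]
"""

if __name__ == "__main__":
    print(render_struct(build_layout(parse_listing(SAMPLE))))
```

The widest access at an offset decides the field type, which is the usual heuristic when a dword member is also poked byte-wise; a real pass would additionally fold the offset-0 qword plus an indirect call through it into a vtable pointer.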
BadCode
Malicious code evasion source code, http://payloads.online
idaplugins-list
A list of IDA Plugins