Beast code in Giters

hasherezade's starred repositories

pycdc

C++ python bytecode disassembler and decompiler

Language:C++GPL-3.03201 95 389

flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Language:PythonApache-2.03174 133 476

CAPEv2

Malware Configuration And Payload Extraction

Language:PythonNOASSERTION1897 66 711

pefile

pefile is a Python module to read and work with PE (Portable Executable) files

Language:PythonMIT1856 81 246

Ponce

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!

Language:C++NOASSERTION1478 74 130

pocs

Proof of Concepts (PE, PDF...)

Language:Assembly1437 74 7

rewolf-wow64ext

Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.

Language:C++931 67 17

awesome-edr-bypass

Awesome EDR Bypass Resources For Ethical Hacking

892 240

Ekko

Sleep Obfuscation

Language:C663 13 1

PR0CESS

some gadgets about windows process and ready to use :)

Language:CApache-2.0570 16 3

polytracker

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

Language:C++Apache-2.0518 38 155

Hunt-Sleeping-Beacons

Aims to identify sleeping beacons

Language:C463 5 2

CallStackSpoofer

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

Language:C++415 60

PowerLoaderEx

PowerLoaderEx - Advanced Code Injection Technique for x32 / x64

Language:C++356 32 1

Classy

IDA Pro plugin to manage classes

Language:Python271 9 7

HookingNirvana

Recon 2015 Presentation from Alex Ionescu

Language:C228 17 1

SweetDreams

Implementation of Advanced Module Stomping and Heap/Stack Encryption

Language:C++BSD-3-Clause206 20

C-To-Shellcode-Examples

Language:C187 60

phnt-single-header

Single header version of System Informer's phnt library.

Language:CMakeMIT174 6 8

pi-defender

Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.

Language:C++LGPL-3.0147 4 1

FOLIAGE

Experiment on reproducing Obfuscate & Sleep

Language:C136 20

mwcfg

A Feature Rich Modular Malware Configuration Extraction Utility for MalDuck

Language:PythonBSD-3-Clause125 7 6

IAT-Tracer

An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (.tag) files.

Language:Python105 7 3

yara-rules

YARA rules for use with ProcFilter

MIT83 310

MoP

MoP - "Master of Puppets" - Advanced malware tracking framework

Language:PythonApache-2.082 16 1

CCHookReloaded

A modern, mod independent open source cheat for Enemy Territory

Language:CMIT62 5 7

TinyProcessor

A post-processing script for TinyTracer

Language:Python37 20

talks

Repo containing my public talks

22 20

Writeups

CTF writeups

Language:Batchfile17 10

TrknHuntRthys

Specific C2 Detection Tool Written To Detect C2 Servers From Rhadamanthys Stealer Malware.

Language:PythonMIT9 10