hidd3ncod3s

WindowsAPIhash

Windows API Hashes used in the malwares

DecryptEKbinary

Decrypt the initial dropper of various exploit kits

Reversing

Dump of scripts i have used/written while reversing binaries

Sulo

Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin

InstumentOffice

Set of windbg breakpoints and notes for instrumenting Microsoft Office VBA engine.

pcap2saz

Converts HTTP flows in pcap file into SAZ file

PhanthomJS

Use PhanthomJS to deobfuscate Javascripts

tcpreplay-windows

TCPReplay for Windows using Scapy

awesome-SOC-IR

Awesome Security Operation Center and Incident Response

dpdk-pcapreplay

Replay pcaps using DPDK stack

http2fileextractor

Extract files from HTTP2 (HTTP 2.0) pcaps

sniffpacker

PackerAttacker

C++ application that uses memory and code hooks to detect packers

yararules

YARA signatures

avmplus

Source code for the Actionscript virtual machine

avmplus-diff

Diff needed to compile avmplus on windows using Visual Studio

awesome_kql

Microsoft Kusto Query Language

classd

Traffic classification daemon

dumpoverlay

Dumps overlay part from the EXE file

eqllib

Fuzzing

Few Fuzzing related files

helloworld-CoreCLR

HelloWorld using customized CoreCLR.dll (and mscorlib.dll)

iot-malware

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code

Malware-Analysis-Training

Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera.

misc

Random stuff

Network_based_MITRE_ATTACK_matrix

Notes

Notes

nwjs

sysdigfalcorules

sysdig Falco Rules

CobaltStrike

CobaltStrike's source code