htnhan

dotfiles

boxstarter

Repeatable, reboot resilient windows environment installations made easy using Chocolatey packages

capa

The FLARE team's open-source tool to identify capabilities in executable files.

capa-rules

Standard collection of rules for capa: the tool for enumerating the capabilities of programs

capstone

Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.

FIDL

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

flare-dbg

flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.

flare-emu

flare-fakenet-ng

FakeNet-NG - Next Generation Dynamic Network Analysis Tool

flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

flare-ida

IDA Pro utilities from FLARE team

flare-vm

ghidra

Ghidra is a software reverse engineering (SRE) framework

jitm

JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.

malboxes

Builds malware analysis Windows VMs so that you don't have to.

NoVmpy

python-idb

Pure Python parser and analyzer for IDA Pro database files (.idb).

qiling

A True Instrumentable Binary Emulation Framework

retdec

RetDec is a retargetable machine-code decompiler based on LLVM.

rvmi

rVMI - A New Paradigm For Full System Analysis

rvmi-qemu

QEMU with rVMI extensions

speakeasy

Windows kernel and user mode emulation.

squid-cache-extractor

Forensic artifact extraction from squid proxy cache and secondary log sources

unicorn

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

VM-Packages

zstd

Zstandard - Fast real-time compression algorithm