Mark Lim's repositories
vxlang-page
protector & obfuscator & code virtualizer
BlackLotus
BlackLotus UEFI Windows Bootkit
config_extractors
Configuration extractors/decryptors for various Windows malware families.
Configuration_extractors
Configuration Extractors for Malware
dnlib
Reads and writes .NET assemblies and modules
donut-decryptor
Retrieve inner payloads from Donut samples
FullBypass
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modify and DM if you find some bugs :)
GootUnloader
GootUnloader — Unpack GootLoader with Frida
icedid_stage1_unpack
Automatically unpack icedid stage1
iocs
Indicators from Unit 42 Public Reports
KDU
Kernel Driver Utility
Kernel_Driver_writing_Tutorial
Recon 2023 slides and code
MalwareAnalysisReports
Reports in .MD format
Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
Parasite-Invoke
Hide your P/Invoke signatures through other people's signed assemblies
PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
python-xdis
Python cross-version bytecode library and disassembler
Quasar
Remote Administration Tool for Windows
Rapid7-Labs
Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.
rat_king_parser
A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, and cloned/derivative RAT families.
RATDecoders
Python Decoders for Common Remote Access Trojans
rust-re-tour
A tour of what some Rust language features look like after compilation.
sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 12,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
unlicense
Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.
unrasp
Resources and papers related to my conferences on RASPs
VMProtect-Source
Source of VMProtect (not official)
WubbabooMark
Debugger Anti-Detection Benchmark