Trending repositories for topic malware-analysis

Exploit Development and Reverse Engineering with GDB Made Easy

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Program for determining types of files for Windows, Linux and MacOS.

Defund the Police.

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

The FLARE team's open-source tool to identify capabilities in executable files.

Tools and Techniques for Blue Team / Incident Response

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, ...

Portable Executable reversing tool with a friendly GUI

A curated list of awesome Memory Forensics for DFIR

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

UNIX-like reverse engineering framework and command-line toolset

Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobfuscated grabbers

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

This repository contains various snippets I use in my malware, command and control servers, payloads, and much more. Hopefully it can help you out in building your own malware and payloads :D

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

A curated list of awesome Memory Forensics for DFIR

Cybersecurity research results. Simple C/C++ and Python implementations

Reverse Engineering Tools (deobf, decompiler etc..)

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, ...

A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.

Exploit Development and Reverse Engineering with GDB Made Easy

a list of 350+ Free TryHackMe rooms to start learning cybersecurity with THM

IDApython Scripts for Analyzing Golang Binaries

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

A machine learning tool that ranks strings based on their relevance for malware analysis.

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

FAME Automates Malware Evaluation

Portable Executable reversing tool with a friendly GUI

Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobfuscated grabbers

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Exploit Development and Reverse Engineering with GDB Made Easy

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Program for determining types of files for Windows, Linux and MacOS.

Defund the Police.

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

The FLARE team's open-source tool to identify capabilities in executable files.

Tools and Techniques for Blue Team / Incident Response

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, ...

Portable Executable reversing tool with a friendly GUI

A curated list of awesome Memory Forensics for DFIR

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

UNIX-like reverse engineering framework and command-line toolset

Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobfuscated grabbers

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

This repository contains various snippets I use in my malware, command and control servers, payloads, and much more. Hopefully it can help you out in building your own malware and payloads :D

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...

Chocolatey packages supporting the analysis environment projects FLARE-VM & Commando VM.

A curated list of awesome Memory Forensics for DFIR

Cybersecurity research results. Simple C/C++ and Python implementations

Reverse Engineering Tools (deobf, decompiler etc..)

30 different honeypots in one package! (dhcp, dns, elastic, ftp, http proxy, https proxy, http, https, imap, ipp, irc, ldap, memcache, mssql, mysql, ntp, oracle, pjl, pop3, postgres, rdp, redis, sip, ...

A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.

Exploit Development and Reverse Engineering with GDB Made Easy

a list of 350+ Free TryHackMe rooms to start learning cybersecurity with THM

IDApython Scripts for Analyzing Golang Binaries

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

A machine learning tool that ranks strings based on their relevance for malware analysis.

Course Repository for University of Cincinnati Malware Analysis Class (CS[567]038)

FAME Automates Malware Evaluation

Portable Executable reversing tool with a friendly GUI

Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobfuscated grabbers

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Raw data from Threat Intelligence Reports with automatic reports collection and keyword search across thousands of reports

The FLARE team's open-source tool to identify capabilities in executable files.

Defund the Police.

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Program for determining types of files for Windows, Linux and MacOS.

UNIX-like reverse engineering framework and command-line toolset

Exploit Development and Reverse Engineering with GDB Made Easy

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Malware Configuration And Payload Extraction

Android Reverse-Engineering Workbench for VS Code

Portable Executable reversing tool with a friendly GUI

Tools and Techniques for Blue Team / Incident Response

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

a list of 350+ Free TryHackMe rooms to start learning cybersecurity with THM

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Stuxnet extracted binaries by reversing & Stuxnet Rootkit Analysis

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...

Native Python3 bindings for @horsicq's Detect-It-Easy

Public repository containing materials for various malware-related streams.

This repo shares blue team security notes and resources for detecting and preventing cyber attacks. Topics covered include email, file, log, malware, memory forensics, and packet analysis.

A curated list of awesome malware analysis tools and resources

Reverse Engineering and Malware Analysis Roadmap

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

a list of 350+ Free TryHackMe rooms to start learning cybersecurity with THM

A collection of modules and scripts to help with analyzing Nim binaries

Resources for learning malware analysis and reverse engineering

Virus - Trojans - Worms - Malwares

Android malware source code dataset collected from public resources.

Symbol Recovery Tool for Nuitka Binaries

The FLARE team's open-source tool to identify capabilities in executable files.

SEMA is based on angr, a symbolic execution engine used to extract API calls. Especially, we extend ANGR with strategies to create representative signatures based on System Call Dependency graph (SC...

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Simple Polymorphic Engine (SPE32) is a simple polymorphic engine for encrypting code and data. It is an amateur project that can be used to demonstrate what polymorphic engines are.

A cli script to analyze an E-Mail in the EML format for viewing the header, extracting attachments, etc.

GUI analyzer for deep-diving into PDF files. Detect malicious payloads, understand object relationships, and extract key information for threat analysis.

a new take on #malware #detection

Deep Linux runtime visibility meets Wireshark

Extracted Yara rules from Windows Defender mpavbase and mpasbase

Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

A simple crossplatform heuristic PE-analyzer

Easy-as-dumb toolkit to prevent any malicious injections in your Android app. Beware of cheaters!

A collection of malware families and malware samples which use the Rust programming language.

A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

XZ backdoor reverse engineering

Advanced dynamic malware analysis tool.

A collection of modules and scripts to help with analyzing Nim binaries

Native Python3 bindings for @horsicq's Detect-It-Easy

Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs for malware analysis.

Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...

Reverse Engineering and Malware Analysis Roadmap

PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record

Symbol Recovery Tool for Nuitka Binaries

A simple commandline application to automatically decrypt strings from Obfuscator protected binaries

An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...

Program for determining types of files for Windows, Linux and MacOS.

UNIX-like reverse engineering framework and command-line toolset

The FLARE team's open-source tool to identify capabilities in executable files.

Defund the Police.

Exploit Development and Reverse Engineering with GDB Made Easy

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

IntelOwl: manage your Threat Intelligence at scale

Tools and Techniques for Blue Team / Incident Response

GUI analyzer for deep-diving into PDF files. Detect malicious payloads, understand object relationships, and extract key information for threat analysis.

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

Portable Executable reversing tool with a friendly GUI

Android Reverse-Engineering Workbench for VS Code

Reverse Engineer's Toolkit

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

A curated list of awesome YARA rules, tools, and people.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

GUI analyzer for deep-diving into PDF files. Detect malicious payloads, understand object relationships, and extract key information for threat analysis.

For educational purposes only, samples of 400+ classic/modern trojan builders including screenshots.

Extracted Yara rules from Windows Defender mpavbase and mpasbase

This repo contains IOC, malware and malware analysis associated with Public cloud

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Deep Linux runtime visibility meets Wireshark

Windows-based Reverse Engineering Toolkit "All-In-One", Built for Security (Malware analysis, Penetration testing) & Educational purposes.

A collection of malware families and malware samples which use the Rust programming language.

This repo shares blue team security notes and resources for detecting and preventing cyber attacks. Topics covered include email, file, log, malware, memory forensics, and packet analysis.

XZ backdoor reverse engineering

Advanced dynamic malware analysis tool.

Automatically identify and extract potential anti-debugging techniques used by malware.

PoC showcasing new DarkGate Install Script retrieval technique via DNS TXT Record

Anomaly based Malware Detection using Machine Learning (PE and URL)

Android malware source code dataset collected from public resources.

SEMA is based on angr, a symbolic execution engine used to extract API calls. Especially, we extend ANGR with strategies to create representative signatures based on System Call Dependency graph (SC...

Decompiler and deobfuscator that offers support to track discord webhooks inside: blank stealer, luna grabber, thiefcat, Creal and all unobfuscated grabbers

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

MalStatWare automates malware analysis with Python. Extract key details like file size, type, hash, path, and digital signature. It analyzes headers, APIs, and strings, giving quick insights for threa...

A book covering the whole spectrum of Malware