🧬 Mitre Interactive Network Graph (APTs, Malware, Tools, Techniques & Tactics)

AV/EDR evasion via direct system calls.

An automatic unpacker and logger for DotNet Framework targeting files

Small and highly portable detection tests based on MITRE's ATT&CK.

APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover su…

📦 de4dot deobfuscator with full support for vanilla ConfuserEx

Windows memory hacking library

PSAmsi is a tool for auditing and defeating AMSI signatures.

Credentials recovery project

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]

ScareCrow - Payload creation framework designed around EDR bypass.

IOC from articles, tweets for archives

Threat Intel IoCs + bits and pieces of dark matter

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

VM setup for Malware RE labs

Open-source windows ransomware created for educational purposes

Reverse Engineer's Toolkit

Collection of malware source code for a variety of platforms in an array of different programming languages.

ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.

Hypervisor based anti anti debug plugin for x64dbg

Various public documents, whitepapers and articles about APT campaigns

Sysmon configuration file template with default high-quality event tracing

Remote forensics meta tool

my write-ups for flareon7

Malware Configuration And Payload Extraction

Zero-Day Code Injection and Persistence Technique

🖥 Chrome automation made simple. Runs locally or headless on AWS Lambda.

The Minimalistic x86/x64 API Hooking Library for Windows