ElvisBlue / emotet-deobfuscator
IDA plugin to deobfuscate emotet CFF
☆13 Updated 2 years ago
Related projects:
- Currently proof-of-concept ☆16 Updated 2 years ago
- genpatch is IDA plugin that generates a python script for patching binary ☆30 Updated 8 months ago
- .NET deobfuscator and unpacker (with a control flow unflattener for DoubleZero added). ☆29 Updated 2 years ago
- IDA Python deobfuscation script for ConfuserEx binaries ☆34 Updated 2 years ago
- Writeup and scripts for the 2021 malwarebytes crackme ☆10 Updated 2 years ago
- Anti-Analysis technique, trick the debugger by Hiding events from it. ☆18 Updated 3 years ago
- ☆25 Updated 10 months ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results. ☆31 Updated last year
- Here are some of my malware reversing papers that I will be publishing ☆30 Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede… ☆26 Updated last year
- EDR PoC WIP LLC ☆10 Updated 7 months ago
- A Windows API hooking library! ☆30 Updated 2 years ago
- Python 3 - Manipulation and conversation with different data type (Bytes operations) ☆26 Updated 2 years ago
- Extract data of TTD trace file to a minidump ☆28 Updated last year
- Subtract one PE file from another! ☆19 Updated 2 years ago
- Neutralize KEPServerEX anti-debugging techniques ☆30 Updated last year
- Obfuscat is a tool and framework for obfuscation with predictable size and runtime overhead. ☆33 Updated 8 months ago
- Inlay hints for hex-rays ☆18 Updated this week
- A driver to implement IOCTL hooking ☆23 Updated 2 years ago
- ☆25 Updated 9 months ago
- Delphi-Kawaii is a plugin for Ida Pro. ☆16 Updated last year
- FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval. ☆17 Updated this week
- A small tool to unmap PE memory dumps. ☆11 Updated 10 months ago
- ☆12 Updated this week
- Progress of learning kernel development ☆13 Updated last year
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read. ☆15 Updated last year
- A Practical example of ELAM (Early Launch Anti-Malware) ☆27 Updated 2 years ago
- Code Integrity Violation Spotter ☆16 Updated 3 months ago
- PyKD DLLs for x86 and x64 platforms ☆14 Updated last year
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols) ☆57 Updated last year