blackberry / pe_tree
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.
☆1,323Updated 2 years ago
Alternatives and similar repositories for pe_tree:
Users that are interested in pe_tree are comparing it to the libraries listed below
- Windows kernel and user mode emulation.☆1,620Updated last month
- Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories☆1,114Updated 4 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,260Updated 2 weeks ago
- Virtual Machine Introspection, Tracing & Debugging☆578Updated 3 years ago
- Adversary tradecraft detection, protection, and hunting☆2,285Updated this week
- A True Instrumentable Binary Emulation Framework☆5,340Updated last week
- A Coverage Explorer for Reverse Engineers☆2,338Updated 8 months ago
- Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera.☆893Updated 5 years ago
- IDA Pro utilities from FLARE team☆2,295Updated 5 months ago
- A Trace Explorer for Reverse Engineers☆1,378Updated last year
- A curated list of awesome Ghidra materials☆1,231Updated 3 years ago
- A static analyzer for PE executables.☆1,048Updated last year
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,468Updated 3 weeks ago
- Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU☆1,662Updated last year
- Interactive CTF Exploration Tool☆1,654Updated 3 years ago
- Automatic and platform-independent unpacker for Windows binaries based on emulation☆686Updated 6 months ago
- PE file viewer/editor for Windows, Linux and MacOS.☆1,054Updated this week
- DEFCON 27 workshop - Modern Debugging with WinDbg Preview☆719Updated 5 months ago
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,131Updated last month
- PE-bear (builds only)☆775Updated last year
- FakeNet-NG - Next Generation Dynamic Network Analysis Tool☆1,883Updated this week
- Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free…☆1,762Updated last month
- The Python interface for YARA☆683Updated 2 weeks ago
- A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.☆1,358Updated 10 months ago
- Set of tools to analyze Windows sandboxes for exposed attack surface.☆2,134Updated 3 months ago
- Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)☆2,280Updated last month
- Reverse engineering framework in Python☆3,602Updated 2 months ago
- ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja…☆2,115Updated last year
- Diaphora, the most advanced Free and Open Source program diffing tool.☆3,784Updated 4 months ago
- Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Po…☆3,142Updated 2 months ago