cylance / winapi-deobfuscation
Towards Generic Deobfuscation of Windows API Calls
☆50Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for winapi-deobfuscation
- Exploits for YARA 3.7.1 & 3.8.1☆30Updated 5 years ago
- My conference presentations and publications☆26Updated 2 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆39Updated 5 years ago
- WIP Emotet Control Flow Unflattening using miasm and radare2☆23Updated last year
- winAFL patch to enable network-based apps fuzzing☆37Updated 6 years ago
- ☆44Updated 4 years ago
- IDA Pro resources, scripts, and configurations☆111Updated 8 months ago
- reven2-scripts contains a set of REVEN scripts to automate timeless-analysis on REVEN traces.☆30Updated 2 years ago
- Tools for instrumenting Windows Defender's mpengine.dll☆36Updated 6 years ago
- Extract OLEv1 objects from RTF files by instrumenting Word☆51Updated 5 years ago
- Exploits for the win32kfull!bFill vulnerability on Win10 x64 RS2 using Bitmap or Palette techniques☆53Updated 7 years ago
- Analysis of VBS exploit CVE-2018-8174☆30Updated 6 years ago
- Flare-On solutions☆36Updated 5 years ago
- Internet Explorer Exploit with CFG bypass for Windows 10☆53Updated 7 years ago
- Code snippets for Qiling Tutorials☆20Updated 4 years ago
- A Fuzzer for Windows NDIS Drivers OID Handlers☆91Updated 3 years ago
- x86 bootloader emulation with Miasm (case of NotPetya)☆40Updated 5 years ago
- PoC for a snapshot-based coverage-guided fuzzer targeting Windows kernel components☆68Updated 3 years ago
- A collection of empty MSVC projects, compiled using various versions and configurations of Visual Studio.☆30Updated 5 months ago
- ☆49Updated 5 years ago
- A little WinDbg extension to help dump the state of Win32k Type Isolation structures.☆38Updated 6 years ago
- Hansel - a simple but flexible search for IDA☆26Updated 5 years ago
- VMI-Unpack - A Virtual Machine Introspection (VMI) based generic unpacker.☆54Updated 4 years ago
- HITCON CTF 2018☆45Updated 6 years ago
- My notes about Genyatyk VM crackme☆27Updated 4 years ago
- Python based angr plug in for IDA Pro.☆34Updated 6 years ago
- Import DynamoRIO drcov code coverage data into Ghidra☆42Updated 11 months ago
- ARG: Automatic ROP chains Generation☆22Updated 5 years ago
- Windows 10 RS2/RS3 exploitation primitives based on the OffensiveCon 2018 talk☆55Updated 6 years ago