This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.
☆738 · Nov 30, 2025 · Updated 3 months ago
Alternatives and similar repositories for learning-reverse-engineering
Users that are interested in learning-reverse-engineering are comparing it to the libraries listed below
- This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be… ☆684 · Jul 6, 2024 · Updated last year
- Malware samples, analysis exercises and other interesting resources. ☆1,613 · Jan 13, 2024 · Updated 2 years ago
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files … ☆169 · Jul 20, 2024 · Updated last year
- ☆138 · Apr 20, 2023 · Updated 2 years ago
- A workshop about Malware Development ☆1,764 · Jun 2, 2023 · Updated 2 years ago
- Hardcore Debugging ☆931 · Jan 6, 2026 · Updated last month
- This is a repository of resource about Malware techniques ☆824 · Apr 8, 2023 · Updated 2 years ago
- Various methods of executing shellcode ☆74 · Mar 27, 2023 · Updated 2 years ago
- Various ways to execute shellcode ☆507 · Mar 13, 2024 · Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆409 · Jan 11, 2026 · Updated last month
- This repo contains C/C++ snippets that can be handy in specific offensive scenarios. ☆762 · Jan 26, 2025 · Updated last year
- This repository contains relevant samples and data related to "Malware Reverse Engineering for Beginners" articles. ☆63 · Feb 8, 2022 · Updated 4 years ago
- I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning … ☆287 · Aug 1, 2025 · Updated 7 months ago
- TartarusGate, Bypassing EDRs ☆653 · Jan 25, 2022 · Updated 4 years ago
- ROP-based sleep obfuscation to evade memory scanners ☆376 · Jun 22, 2025 · Updated 8 months ago
- PoCs and tools for investigation of Windows process execution techniques ☆952 · Feb 2, 2026 · Updated 3 weeks ago
- ☆210 · Mar 22, 2021 · Updated 4 years ago
- This project aims to compare and evaluate the telemetry of various EDR products. ☆1,927 · Jan 20, 2026 · Updated last month
- Spartacus DLL/COM Hijacking Toolkit ☆1,083 · Feb 1, 2024 · Updated 2 years ago
- A tutorial on how to write a packer for Windows! ☆310 · Dec 15, 2023 · Updated 2 years ago
- EDR Lab for Experimentation Purposes ☆1,413 · Updated this week
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … ☆1,821 · Nov 3, 2024 · Updated last year
- PoC Implementation of a fully dynamic call stack spoofer ☆917 · Jul 20, 2024 · Updated last year
- Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀 ☆3,311 · Feb 17, 2026 · Updated last week
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners. ☆622 · Sep 26, 2023 · Updated 2 years ago
- Beacon Object File Loader ☆293 · Dec 3, 2023 · Updated 2 years ago
- Various code samples and useful tips and tricks from reverse engineering and malware analysis fields. ☆106 · Jun 11, 2025 · Updated 8 months ago
- Creating a repository with all public Beacon Object Files (BoFs) ☆576 · Aug 30, 2023 · Updated 2 years ago
- miscellaneous scripts and programs ☆277 · Jan 23, 2025 · Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆776 · Jan 26, 2026 · Updated last month
- Automated DLL Sideloading Tool With EDR Evasion Capabilities ☆503 · Dec 19, 2023 · Updated 2 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… ☆1,367 · Oct 27, 2023 · Updated 2 years ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as … ☆431 · Feb 18, 2026 · Updated last week
- kill anti-malware protected processes ( BYOVD ) ☆968 · Jul 21, 2023 · Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆209 · Nov 12, 2025 · Updated 3 months ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · May 11, 2023 · Updated 2 years ago
- Malwoverview is a rapid response tool used to gather intelligence information from VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malsh… ☆3,548 · Jan 20, 2026 · Updated last month
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆145 · May 18, 2024 · Updated last year
- collection of apis used in malware development ☆229 · Aug 2, 2022 · Updated 3 years ago