leandrofroes / gftrace

Related projects: ⓘ

• YoavLevi / IAT-Tracer
  An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
  ☆105Updated 2 months ago
• struppigel / hedgehog-tools
  ☆103Updated last month
• KDSS-Research / MalwareDB
  ☆92Updated this week
• WithSecureLabs / GarbageMan
  GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
  ☆114Updated last year
• therealdreg / masm32-kernel-programming
  masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)
  ☆114Updated last year
• hasherezade / pe_unmapper
  Small tool to convert beteween the PE alignments (raw and virtual).
  ☆74Updated last year
• intel471 / coderex
  A tool that automates regex generation for the x86 and x86-64 instruction sets
  ☆61Updated 5 months ago
• airbus-cert / yara-ttd
  Use YARA rules on Time Travel Debugging traces
  ☆86Updated last year
• Dump-GUY / IDA_PHNT_TYPES
  Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
  ☆101Updated 3 weeks ago
• zodiacon / Recon2023
  Recon 2023 slides and code
  ☆77Updated last year
• Bw3ll / ROP_ROCKET
  ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
  ☆106Updated 2 weeks ago
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆148Updated 8 months ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆232Updated 5 months ago
• NozomiNetworks / upx-recovery-tool
  ☆94Updated last year
• N0fix / rustbininfo
  Get information about stripped rust executables
  ☆18Updated 2 weeks ago
• huntandhackett / concealed_code_execution
  Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
  ☆194Updated 2 years ago
• enkomio / thematrix
  a PE Loader and Windows API tracer. Useful in malware analysis.
  ☆138Updated 2 years ago
• jk45054 / CTF-writeups
  Writeups for CTF challenges
  ☆28Updated 10 months ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆247Updated 8 months ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆227Updated last year
• Idov31 / Jormungandr
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆219Updated 11 months ago
• hasherezade / mal_unpack_drv
  MalUnpack companion driver
  ☆92Updated 3 months ago
• thefLink / Hunt-Weird-Syscalls
  ETW based POC to identify direct and indirect syscalls
  ☆170Updated last year
• Sentinel-One / peafl64
  Static Binary Instrumentation tool for Windows x64 executables
  ☆176Updated last month
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆112Updated last year
• hugsy / recon_2024_windbg_workshop
  ☆70Updated 2 months ago
• eset / nimfilt
  A collection of modules and scripts to help with analyzing Nim binaries
  ☆58Updated 3 weeks ago
• FuzzySecurity / BHUSA-2023
  ☆102Updated 2 months ago
• jstrosch / sclauncher
  A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …
  ☆121Updated 2 months ago
• KasperskyLab / Apihashes
  IDA Pro plugin for recognizing known hashes of API function names
  ☆82Updated 2 years ago