levanvn / APT32_DeobfuscateLinks
My scripts to deobfuscate APT32 malware
☆27Updated 3 years ago
Alternatives and similar repositories for APT32_Deobfuscate
Users that are interested in APT32_Deobfuscate are comparing it to the libraries listed below
Sorting:
- My conference presentations and Materials for them.☆32Updated 3 years ago
- ☆131Updated 3 years ago
- ☆25Updated 2 years ago
- PoC demonstrating the use of cve-2020-1034 for privilege escalation☆125Updated 4 years ago
- IDA Pro plugin for recognizing known hashes of API function names☆81Updated 3 years ago
- ☆90Updated 4 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆123Updated 5 years ago
- Windows API Hashes used in the malwares☆42Updated 10 years ago
- WIP Emotet Control Flow Unflattening using miasm and radare2☆23Updated 2 years ago
- Collection of slides☆33Updated last month
- Writeup and POC for CVE-2020-0753, CVE-2020-0754 and six fixed Window DOS Vulnerabilities.☆14Updated 5 years ago
- Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates in ord…☆189Updated 4 years ago
- IDA SIG files for multiarch uClibc library☆38Updated 7 years ago
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.☆99Updated 5 years ago
- ☆163Updated 4 years ago
- An command-line RPC method enumerator, born out of RPCView's awesomeness☆108Updated 6 years ago
- Helper idapython code for reversing kmdf drivers☆74Updated 3 years ago
- A static analysis tool that helps security researchers scan a list of Windows kernel drivers for common vulnerability patterns in drivers…☆70Updated 3 years ago
- A small utility to deal with malware embedded hashes.☆52Updated 2 years ago
- PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel.☆57Updated 4 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆42Updated 5 years ago
- LPE for CVE-2020-1054 targeting Windows 7 x64☆85Updated 5 years ago
- Web user interface and service agent for the monitoring and remote management of WinAFL.☆55Updated 2 months ago
- Parsers for custom malware formats ("Funky malware formats")☆97Updated 3 years ago
- ☆21Updated 5 years ago
- FLARE Kernel Shellcode Loader☆179Updated 6 years ago
- Go Lang Portable Executable Parser☆39Updated 4 years ago
- Exploits for YARA 3.7.1 & 3.8.1☆32Updated 6 years ago
- An exploit for CVE-2019-17026. It pops xcalc and was tested on Ubuntu (x64).☆47Updated 5 years ago
- Tools for fuzzing RDP☆131Updated 4 years ago