Rust Library Recognition Project for Rust Malware by the MSTIC-MIRAGE Team
☆345 · Feb 12, 2026 · Updated 2 weeks ago
Alternatives and similar repositories for RIFT
Users that are interested in RIFT are comparing it to the libraries listed below
- A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries. ☆100 · Jan 3, 2026 · Updated last month
- Dynamic Indirect Syscalls via JOP/ROP in Pure no_std, no_alloc, no dependency Rust ☆43 · Aug 6, 2025 · Updated 6 months ago
- Idiomatic Rust bindings for the IDA SDK, enabling the development of standalone analysis tools using IDA v9.x’s idalib ☆248 · Feb 22, 2026 · Updated last week
- A New Exploitation Technique for Visual Studio Projects ☆11 · Nov 5, 2023 · Updated 2 years ago
- Resources related to time-travel debugging (TTD) ☆31 · Jan 6, 2026 · Updated last month
- NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (eithe… ☆252 · Feb 19, 2026 · Updated last week
- Bin2Wrong: a Unified Fuzzing Framework for Uncovering Semantic Errors in Binary-to-C Decompilers ☆59 · May 20, 2025 · Updated 9 months ago
- A hacky way of getting cross-arch/platform support in Cobalt Strike ☆37 · Aug 31, 2025 · Updated 6 months ago
- Blog/Journal on how to backdoor VSCode extensions ☆76 · Updated this week
- From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change… ☆53 · Sep 22, 2025 · Updated 5 months ago
- Slides and files for the Reversing Rust Binaries: One step beyond strings workshop at REcon 2024, presented on June 28, 2024. ☆81 · Jun 30, 2024 · Updated last year
- A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆38 · Mar 6, 2025 · Updated 11 months ago
- Mentally ill EtwTi parser ☆68 · Jan 11, 2026 · Updated last month
- ELF binary forensics tool for APT, virus, backdoor and rootkit detection ☆51 · Nov 7, 2024 · Updated last year
- Modular and extensible library for Virtual Machine Introspection ☆117 · Updated this week
- various methods of making API calls ☆19 · Feb 1, 2025 · Updated last year
- This repository contains an IDA processor for loading and disassembling compiled yara rules. ☆44 · Dec 31, 2024 · Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆104 · Feb 25, 2025 · Updated last year
- A Payload Analysis Framework ☆117 · Oct 9, 2025 · Updated 4 months ago
- A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads. ☆71 · Nov 16, 2025 · Updated 3 months ago
- Rust bindings to the System Informer's (formerly known as Process Hacker) "phnt" native Windows headers ☆50 · Jun 1, 2025 · Updated 9 months ago
- Obfuscator-llvm Control Flow Flattening Deobfuscator ☆243 · Apr 16, 2025 · Updated 10 months ago
- A small How-To on creating your own weaponized WSL file ☆121 · Jul 23, 2025 · Updated 7 months ago
- Python tool to resolve all strings in Go binaries obfuscated by garble ☆192 · Feb 21, 2025 · Updated last year
- FLARE Team's Binary Navigator ☆308 · Updated this week
- use python on windows with full submodule support without installation ☆30 · Jan 23, 2025 · Updated last year
- WinDbg plugin to trace module transitions from a debugged driver. ☆40 · Dec 22, 2025 · Updated 2 months ago
- One-header configurable C++20 COFF loader ☆21 · Jul 21, 2025 · Updated 7 months ago
- Plugin interface for remote communications with Binary Ninja database and MCP server for interfacing with LLMs. ☆59 · Feb 21, 2026 · Updated last week
- Symbol Recovery Tool for Nuitka Binaries ☆80 · Dec 25, 2024 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆283 · Sep 18, 2024 · Updated last year
- A lightweight PowerShell tool for assessing the security posture of Microsoft Entra ID environments. It helps identify privileged object… ☆317 · Feb 8, 2026 · Updated 3 weeks ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence ☆63 · Jun 23, 2025 · Updated 8 months ago
- Resolve symbols from release rust binaries on Windows ☆21 · Jan 17, 2024 · Updated 2 years ago
- Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv… ☆515 · Feb 15, 2026 · Updated 2 weeks ago
- ☆31 · Feb 28, 2025 · Updated last year
- 64-bit, position-independent implant template for Windows in Rust. ☆173 · Nov 28, 2025 · Updated 3 months ago
- find dll base addresses without PEB WALK ☆160 · Jul 13, 2025 · Updated 7 months ago
- Binary Ninja plugin to analyze and simplify obfuscated code ☆237 · Oct 11, 2025 · Updated 4 months ago