Collection of tips, tools, arsenal and techniques I've learned during RE and other CyberSecStuff
☆58Sep 15, 2025Updated 6 months ago
Alternatives and similar repositories for KnowledgeBase
Users that are interested in KnowledgeBase are comparing it to the libraries listed below
Sorting:
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- UnpacMe IDA Byte Search☆29Nov 20, 2023Updated 2 years ago
- Defeating Anti-Debugging Techniques for Malware Analysis☆12Oct 1, 2022Updated 3 years ago
- ☆12Jun 29, 2021Updated 4 years ago
- ☆76Nov 30, 2023Updated 2 years ago
- How to retro theme your Ghidra☆36Feb 24, 2026Updated 3 weeks ago
- Threat Box Assessment Tool☆19Mar 5, 2026Updated 2 weeks ago
- ☆25Jan 8, 2024Updated 2 years ago
- A tool for de-obfuscating PowerShell scripts☆71Apr 24, 2019Updated 6 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- This repository contains files from AppGate / Immunity Malware Analysis Team.☆21Oct 19, 2021Updated 4 years ago
- A small tool to unmap PE memory dumps.☆11Nov 9, 2023Updated 2 years ago
- Frida example to trace VBA CreateObject calls and some string deobfuscations calls. You need latest Frida 12.9.8 for improved symbol look…☆25Sep 3, 2020Updated 5 years ago
- Unpacking and decryption tools for the Emotet malware☆44Dec 5, 2021Updated 4 years ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 2 years ago
- AutoIt Analysis Library: Parser & Emulator For Malware Researchers☆21Apr 27, 2019Updated 6 years ago
- shared samples from #dailyphish and/or #apt tweets☆41Sep 3, 2025Updated 6 months ago
- function identification signatures☆12Apr 26, 2021Updated 4 years ago
- Ida Pro plugin to aid in reverse engineering Rust binaries.☆19Dec 9, 2024Updated last year
- Custom instruction length for hex-rays☆28Jan 17, 2026Updated 2 months ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.☆15Jul 9, 2023Updated 2 years ago
- This repository contains sample log data that were collected after running adversary simulations in Microsoft 365☆24Oct 9, 2024Updated last year
- Generates YARA rules to detect malware using API hashing☆17Mar 16, 2021Updated 5 years ago
- A simple utility to list all methods of a given .NET Assembly and to invoke them☆75Sep 21, 2021Updated 4 years ago
- EvtPsst☆55Oct 24, 2023Updated 2 years ago
- x64 version☆36Oct 8, 2021Updated 4 years ago
- Various short scripts and tools used for Digital Forensics☆14Apr 13, 2025Updated 11 months ago
- Extension functionality for the NightHawk operator client☆26Oct 31, 2023Updated 2 years ago
- A tool that automates regex generation for the x86 and x86-64 instruction sets☆74Apr 18, 2024Updated last year
- ☆13Oct 29, 2022Updated 3 years ago
- a PE Loader and Windows API tracer. Useful in malware analysis.☆142Sep 19, 2022Updated 3 years ago
- ☆13Jun 20, 2013Updated 12 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆28Jun 2, 2024Updated last year
- ☆19Aug 6, 2021Updated 4 years ago
- Integration of Syntia program synthesis tool into the radare2 reverse engineering framework.☆21Dec 4, 2025Updated 3 months ago
- A Rust library along with a Win32 GUI application to determine the driver load order of a Windows system (cf. https://colinfinck.de/posts…☆12Jan 26, 2025Updated last year
- A python script that can detect and parse loki-bot (malware) related network traffic. This script can be helpful to DFIR analysts and sec…☆13Dec 31, 2021Updated 4 years ago
- Scripts, Yara rules and other files developed during malware investigations☆27Aug 19, 2022Updated 3 years ago
- miscellaneous codes☆36Sep 24, 2023Updated 2 years ago