Malware Analysis

Reverse Engineer's Toolkit. Contribute to mentebinaria/retoolkit development by creating an account on GitHub.

toolkit for python reverse engineering. Contribute to Fadi002/de4py development by creating an account on GitHub.

Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! - GitHub - 0x534a/dynmx: Signature-based detection of malware featu...

A static devirtualizer for VMProtect x64 3.x. powered by VTIL.

A binary analysis framework. Contribute to enkomio/Sojobo development by creating an account on GitHub.

Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad…

As someone that primarily does Linux security research, I was frustrated that there wasn't an equivalent of an imphash for Linux ELF binaries. So, I decided to make one myself.

Go symbol recovery tool. Contribute to mandiant/GoReSym development by creating an account on GitHub.

Module to generate and verify PE signatures. Contribute to ralphje/signify development by creating an account on GitHub.

Sandbox for automated Linux malware analysis. Contribute to danieluhricek/LiSa development by creating an account on GitHub.

A small and portable Windows C library for sandbox detection

A modern tool for Windows kernel exploration and tracing with a focus on security

This post presents two tools for malware analysis and reverse engineering in Ghidra, the National Security Agency’s software reverse engineering tool suite.