- Singapore
- https://findingvulns.blogspot.com/
Stars
Configuration extractors/decryptors for various Windows malware families.
peta909 / vxlang-page
Forked from vxlang/vxlang-page
protector & obfuscator & code virtualizer
Nidhogg is an all-in-one, simple-to-use Windows kernel rootkit.
peta909 / DrvMon
Forked from Fyyre/DrvMon
Advanced driver monitoring utility.
Python Decoders for Common Remote Access Trojans
A forked version of lldbinit https://github.com/gdbinit/lldbinit
An Interactive Binary Patching Plugin for IDA Pro
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
DC3 Malware Configuration Parser (DC3-MWCP) is a framework for parsing configuration information from malware. The information extracted from malware includes items such as addresses, passwords, fi…
This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to …
Programming productivity plugin for IDAPython and C++ development
Some of my publicly available malware analysis and reverse engineering.
Implementation of the stream cipher - RC4 (Rivest Cipher 4) using both Python 2.x and 3.x
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
IDA plugin for quickly copying disassembly as encoded hex bytes
IDA Pro plugin which improves work with the HexRays decompiler and helps in the process of reconstructing structures and classes