Stars
Kernel mode WinDbg extension and PoCs for token privilege investigation.
UNIX-like reverse engineering framework and command-line toolset
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, Th…
A simple, easy to use PowerShell script to remove pre-installed apps from Windows, disable telemetry, remove Bing from Windows search as well as perform various other changes to declutter and impro…
Examples of leaking Kernel Mode information from User Mode on Windows
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
The FLARE team's open-source tool to identify capabilities in executable files.
weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-m…
OSPG / binwalk
Forked from ReFirmLabs/binwalk
Firmware Analysis Tool
IDA plugin for UEFI firmware analysis and reverse engineering automation
Exploit Development and Reverse Engineering with GDB Made Easy
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
A Coverage Explorer for Reverse Engineers
AddressSanitizer, ThreadSanitizer, MemorySanitizer
A fork of AFL for fuzzing Windows binaries