Malware remains as one of the most effective tools used by cyber criminals to commit fraud. Far from now are the days in which viruses were just jokes. And it is not me being dramatic, just look at the news and you will see that this situation is getting…

PE file viewer/editor for Windows, Linux and MacOS. - horsicq/XPEViewer

Unofficial YARA IDA Pro plugin, along with an unparalleled crypto/hash/compression rule set based on Luigi Auriemma's signsrch signatures. - kweatherman/yara4ida

Methodology for reverse engineering Windows drivers, finding vulnerabilities and understanding their exploitability.

Official x64dbg plugin for Binary Ninja. Contribute to x64dbg/x64dbgbinja development by creating an account on GitHub.

LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. - janoglezcampos/llvm-yx-callobfuscator

A universal memory dumper using Frida. Contribute to Nightbringer21/fridump development by creating an account on GitHub.

Contribute to waleedassar/SimpleNTSyscallFuzzer development by creating an account on GitHub.

The Portable Executable (PE) base relocation table is crucial in Windows executable files. It handles memory addresses for functions and data, making sure the program runs well no matter where it's loaded in memory.

Contribute to zerozenxlabs/ZDI-24-020 development by creating an account on GitHub.

Twitter: https://twitter.com/ficti0n
Web: https://cclabs.io
https://console-cowboys.blogspot.com/

This video goes over learning how to use binary ninja for scripting

Publications This research has been presented at:
DEF CON 31 - ELECTRONizing macOS privacy Objective By the Sea - ELECTRONizing macOS Privacy - a New Weapon in Your Red Teaming Armory The backstory In 2019 I wrote a blog post about injecting code to Electron…

Simple x86/x64 Assembler/Disassembler/Emulator. Contribute to zodiacon/QuickAsm development by creating an account on GitHub.