Stars
Live ETW-TI event viewer for Windows kernel threat-intelligence telemetry. Research tool for exploring the same signals commercial EDRs rely on.
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
AV/EDR evasion via direct and indirect system calls. Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64
AI-Powered Reverse Engineering Plugin for IDA Pro
Open Source DeepWiki: AI-Powered Wiki Generator for GitHub/Gitlab/Bitbucket Repositories. Join the discord: https://discord.gg/gMwThUMeme
Vibe Reverse Engineer with IDA SQL: An interface for IDA in SQL via live virtual tables
BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology (CVE-2025-52915, CVE-2025-1055).
A library for detecting known secrets across many web frameworks
Enumerate and disable common sources of telemetry used by AV/EDR.
A fast, simple, recursive content discovery tool written in Rust.
This map lists the essential techniques to bypass anti-virus and EDR
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
Deobfuscation via optimization, using LLVM IR and assembly parsing.
Tracking interesting Linux (and UNIX) malware. Send PRs
Curated list of awesome tools, demos, docs for ChatGPT and GPT-3
f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.
IDA plugin which queries language models to speed up reverse-engineering
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
Dynamic unpacker and import fixer for Themida/WinLicense 2.x and 3.x.
An advanced tool for working with access tokens and Windows security policy.