A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.

This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to …

Modular malware analysis artifact collection and correlation framework

These FLARE-VM configuration files are designed to be help setup a purpose-built installation, remove unnecessary packages to help streamline the installation.

My personal repository

Malware samples, analysis exercises and other interesting resources.

This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.

A script that extracts embedded images from Office Open XML (OOXML) documents and generates image hash similarity graphs that cluster visually similar images together. The script computes the Avera…

This IDA Python plugin is intended to get you started creating IDA Plugins with Python, recognize the importance of deobfuscating strings and work on translating assembly to a higher-level language…

Python3 script that can download samples directly from Abuse.CH or via submitted URLs

A collection of various signatures that I have either found or created, useful for malware analysis.

Python3 script that deobfuscates and then decodes base64 string that contains PowerShell script and extracts the URLs used to download Emotet binaries

Python3 script that wraps Shodan CLI - it resolves a domain to an IP and then performs a scan

This is a small Python3 script that allows you to search and download samples from Hybrid Analysis' v2 API

This repository contains sample code, projects and lab walk-throughs to help learn software exploitation.

A Burp Extension that parses emails from HTTP content and can optionally generate usernames.

This is a repository for a variety of academic projects