CZE

Dump-GUY

Elite
@Dump-GUY

Security Researcher at Check Point (Former Forensic+Malware Analyst & Reverse Engineer - Military CERT)

Malware-analysis-and-Reverse-engineering. Some of my publicly available Malware analysis and Reverse engineering.

953

IDA_PHNT_TYPES. Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).

171

EXE-or-DLL-or-ShellCode. Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode...

170

ConfuserEx2_String_Decryptor. ConfuserEx2 String Decryptor & Full Deobfuscation Guide

103

ghidra_scripts. Python

74

sc2pe. Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE

66

Get-PDInvokeImports. Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke usage in assembly. Showing all locations from where they are referenced and Exports all to DnSpy_Bookmarks.xml

54

Invoke-DetectItEasy. Invoke-DetectItEasy is a wrapper for excelent tool called Detect-It-Easy. This PS module is very useful for Threat Hunting and Forensics.

30

Python3---Binary-Data-Manipulation. Python 3 - Manipulation and conversation with different data type (Bytes operations)

28

Get-UnJlaive. Get-UnJlaive is tool which is able to reconstruct Jlaive (.NET Antivirus Evasion Tool (Exe2Bat)) to original Assembly and stub Assembly.

22

CAPA_JsonConver. Converts exported results of CAPA tool from .json format to another formats supporting by different tools.

22

CrackMe-Examples. Some of CrackMes made by me :)

18

tiny_tracer_tag_to_cutter. Python

17

VoiceC2_POC. Simple POC of Voice C2 using Speech Recognition

13

Powershell-Tools. Collection of some easy of use tools - in powershell.

10

sc2elf. Simple dotnet Native AOT app that uses LibObjectFile to convert shellcode to ELF

10

Jlaive. .NET Antivirus Evasion Tool (Exe2Bat)

9

Malware_TEMP. Temp files related to MA and RE

8

Go_CrackMe. Little Reversing CrackMe written in GO

7

capa. The FLARE team's open-source tool to identify capabilities in executable files.

5

ghidra_scripts-1. Scripts for the Ghidra software reverse engineering suite.

4

de4dot-cex. 📦 de4dot deobfuscator with full support for vanilla ConfuserEx

4

AntiCrack-DotNet. .NET Project containing plenty of advanced techniques to detect various types of malicious actions on your software, with syscall support.

3

minhook. The Minimalistic x86/x64 API Hooking Library for Windows

3

process_overwriting. Yet another variant of Process Hollowing

3

.NET-Deobfuscator. Lists of .NET Deobfuscator and Unpacker (Open Source)

3

practical-python. Practical Python Programming (course by @dabeaz)

3

tiny_tracer. A Pin Tool for tracing API calls etc

3

de4dot. .NET deobfuscator and unpacker.

3

VMPImportFixer. Fix VMProtect Import Protection

2

SysmonTools. Utilities for Sysmon

2

dp701. Dark theme for IDA Pro

2

x64dbg---Dark-Theme. Alternative to x64dbg build in dark theme.

2

hollows_hunter. Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

2

CrossInject. 32 bit process inject shellcode to 32 bit process and 64 bit process

2

apiscout. This project aims at simplifying Windows API import recovery on arbitrary memory dumps

2

sandbox-attacksurface-analysis-tools. Set of tools to analyze Windows sandboxes for exposed attack surface.

2

IDAPython-Malware-Scripts. Python

2

pe-sieve. Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

2

EDR-Freeze. EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.

1

signify. Module to generate and verify PE signatures

1

FuncScanner. Collects extended function properties from IDA Pro databases

1

idascope. An IDA Pro extension for easier (malware) reverse engineering

1

SecHex-Spoofy. C# HWID Changer 🔑︎ Disk, Guid, Mac, Gpu, Pc-Name, Win-ID, EFI, SMBIOS Spoofing [Usermode]

1

hrtng. IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

1

ghidra-nativeaot. Ghidra .NET Native AOT Analyzer Plugin

1

dumbassembly. version 0.5.8

1

dnSpy. .NET debugger and assembly editor

1

SigFlip. SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

1

phnt-single-header. Single header version of System Informer's phnt library.

1

RETools. My reversing tools. Some custom, some not.

1
51
Apply