flare-floss
win32-shellcode
flare-floss | win32-shellcode | |
---|---|---|
4 | 1 | |
3,016 | 4 | |
1.1% | - | |
9.3 | 10.0 | |
7 days ago | 9 months ago | |
Python | Python | |
Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flare-floss
-
Why is this de-compiled code showing a different value in memory sometimes?
Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss
-
Static Analysis Research - Windows PE
Recently, I decided do delve a little bit more into static analysis, something beyond just running strings on a binary and getting the ASCII characters that are printable. I decided to take a deep look at how FLOSS is working and possibly recreate some of its functionality in my own tool.
- Hogy lehet észrevenni, ha valaki bejár a gépedre és adatot visz ki? KRÉTA sztori spin-off
- Installed Kaspersky today, Trojan.Win32.Hosts2.gen detected. Malwarebytes and Windows Defender didn’t detected it before. False positive?
win32-shellcode
What are some alternatives?
yara - The pattern matching swiss knife
pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
capa - The FLARE team's open-source tool to identify capabilities in executable files.
yaralyzer - Visually inspect and force decode YARA and regex matches found in both binary and text data. With Colors.
gsoc - NumFOCUS Google Summer of Code Materials
theZoo - A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.
flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
gef - GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
pytextcodifier - :package: Turn your text files into codified images or your codified images into text files.
peresources
Microsoft-Activation-Scripts - A collection of scripts for activating Microsoft products using HWID / KMS38 / Online KMS activation methods with a focus on open-source code, less antivirus detection and user-friendliness.