> cat /dev/github | grep security-tools

C++

Andromeda

2026-03-30 C++ ★ 710

AI Summary: Andromeda is a performance-oriented tool designed for accelerating the initial reverse engineering of Android applications, leveraging its C/C++ implementation. It aims to simplify the analysis process with a straightforward command-line interface, making it accessible for security researchers and developers. Currently in early development, Andromeda highlights the potential for speed improvements over alternative solutions in the same domain.


README

andromeda

Andromeda makes the initial reverse engineering work on Android applications a bit faster and easier. Compared to other alternatives, it’s written in C/C++ and has a noticeable performance advantage.

AntiCheat-Testing-Framework

2026-03-30 C++ ★ 821

AI Summary: The AntiCheat-Testing-Framework is a comprehensive tool designed for testing and analyzing various anti-cheat mechanisms in the gaming industry. It provides a modular architecture with several integrated modules, allowing users to customize their setup for specific testing purposes. This framework aims to democratize knowledge in the field of anti-cheat research, facilitating both learning and practical application.


README

AntiCheat-Testing-Framework

Framework to test any Anti-Cheat on the market. This can be used as a Template or Code Base to test any Anti-Cheat and learn along the way. The entry level to reverse AntiCheats and Cheats is quite high, therefore, I’m releasing all the code I developed during my research. The main idea is to help people and motivate them to get into this topic, which is really interesting and there is a lot to research about it.

AntiDBG

2026-03-30 C++ ★ 811

AI Summary: AntiDBG is a tool designed for implementing various anti-debugging techniques on Windows, categorized by methods such as memory, CPU, timing, and forced exceptions. The primary use case is to create self-contained checks that automatically detach debuggers, enhancing the security of applications against reverse engineering. Notable features include a simple API for integration, a testing application named The Gauntlet to evaluate resistance against these techniques, and an emphasis on readability for educational purposes.

apkstudio

2026-03-30 C++ ★ 3905

AI Summary: APK Studio is an open-source, cross-platform Integrated Development Environment (IDE) designed for reverse-engineering Android application packages (APKs). Its notable features include a built-in code editor with syntax highlighting for smali and other file types, automatic installation of essential tools, and support for manufacturer-specific frameworks, making it a comprehensive tool for decompiling, recompiling, and signing APKs. Additionally, APK Studio supports command-line operations, theming, and provides quick search functionalities across projects, enhancing the user experience for developers and analysts.

Attiny85

2026-03-30 C++ ★ 1610

AI Summary: The DigiSpark Attiny85 repository provides a cost-effective alternative to Rubber Ducky, enabling users to program the Attiny85 to function as a Human Interface Device (HID) that sends keystrokes to a computer. It includes various pre-built payloads such as a Wi-Fi password stealer, UAC bypass, and keylogger, allowing for a range of offensive actions from data exfiltration to system exploitation. Users can easily set up their development environment and execute these payloads using the Arduino IDE.

binaryninja-api

2026-03-30 C++ ★ 1235

AI Summary: The Binary Ninja API repository provides comprehensive C++, Python, and Rust APIs for the Binary Ninja reverse engineering platform, enabling developers to create plugins and enhance functionality. Notable features include extensive online documentation, examples for various applications, and support for building UI and headless plugins. The setup process includes CMake-based build instructions, ensuring compatibility with specific Binary Ninja versions through a revision hash.


README

Binary Ninja API

This repository contains documentation and source code of the C++, Python, and Rust APIs for the Binary Ninja reverse engineering platform.

binexport

2026-03-30 C++ ★ 1178

AI Summary: BinExport is a plugin for disassemblers such as IDA Pro, Binary Ninja, and Ghidra that facilitates the export of disassembly data into Protocol Buffer format, which is essential for use with the BinDiff tool. Its primary use case is in binary analysis and reverse engineering, enabling users to perform efficient comparison and analysis of executable files. Notable features include support for multiple platforms (Linux, macOS, Windows) and seamless integration with popular static analysis tools.

BLUESPAWN

2026-03-30 C++ ★ 1316

AI Summary: BLUESPAWN is an active defense and endpoint detection and response tool designed for blue teams to monitor systems in real-time and identify malicious activities within a network. Its notable features include the ability to detect, identify, and eliminate malware, as well as its open-source nature, fostering community collaboration for continuous improvement. The tool emphasizes rapid detection and understanding of the Windows attack surface against advanced threats, while providing visibility into its detection capabilities aligned with the MITRE ATT&CK framework.

botw

2026-03-30 C++ ★ 1885

AI Summary: The zeldaret/botw repository is an experimental work-in-progress decompilation of The Legend of Zelda: Breath of the Wild version 1.5.0 for the Nintendo Switch. Its primary use case is to facilitate the understanding of the game’s internal mechanics, support glitch hunting efforts, and provide comprehensive documentation for future reverse engineering initiatives. Notable features include ongoing progress tracking and community collaboration through Discord for contributors.


README

The Legend of Zelda: Breath of the Wild

ByePg

2026-03-30 C++ ★ 904

AI Summary: ByePg is a kernel-level tool that circumvents Windows PatchGuard and HVCI by leveraging an early-bugcheck hook through the hijacking of the HalPrivateDispatchTable. Its primary use case is to facilitate the implementation of exception-based hooks, allowing for the registration of high-level system-wide exception handlers and offering capabilities for kernel manipulation previously restricted by PatchGuard. Notably, the tool includes a base library and various examples that demonstrate syscall hooking and SEH handling, showcasing its potential for creating new attack surfaces.

ddisasm

2026-03-30 C++ ★ 741

AI Summary: DDisasm is a high-performance disassembler that accurately translates binaries from ELF and PE formats into a reassemblable assembly code representation using the GTIRB intermediate format. Utilizing the Datalog declarative logic programming language, it derives code locations, symbolization, and function boundaries, supporting multiple instruction set architectures including x86, ARM, and MIPS. Notable features include Docker support for easy setup and integration with GTIRB for further binary analysis and manipulation.

DeauthDetector

2026-03-30 C++ ★ 929

AI Summary: DeauthDetector is an open-source tool designed to monitor and detect Wi-Fi deauthentication attacks using an ESP8266 microcontroller. Its primary use case involves real-time identification of malicious deauth frames, indicated by an LED activation, making it an effective low-cost solution for network security monitoring. Notable features include customizable scanning options, support for multiple channels, and easy installation via precompiled binaries or Arduino integration.


README

DeauthDetector

Detect deauthentication frames using an ESP8266

drakvuf

2026-03-30 C++ ★ 1214

AI Summary: DRAKVUF is an agentless, virtualization-based binary analysis tool designed for in-depth execution tracing of arbitrary binaries, including operating systems. Its primary use case is malware analysis, leveraging minimal footprint to remain stealthy during the examination process while supporting a range of Windows and Linux environments. Notable features include the ability to operate without installing additional software in the virtual machine and compatibility with hardware virtualization extensions in Intel CPUs.

edb-debugger

2026-03-30 C++ ★ 2908

AI Summary: edb-debugger is a cross-platform debugger that supports AArch32, x86, and x86-64 architectures, facilitating development and debugging across multiple operating systems, with Linux as the officially supported platform. Notable features include a user-friendly interface, compatibility with modern compilers and libraries, and ongoing development for additional platforms such as FreeBSD, OpenBSD, OSX, and Windows. The tool aims to replicate and extend the capabilities of Ollydbg while adding multi-architecture support.


efiXplorer

2026-03-30 C++ ★ 1085

AI Summary: efiXplorer is an IDA plugin and loader designed for the analysis and automation of reverse engineering UEFI firmware. Its primary use case is to facilitate the discovery of vulnerabilities in UEFI firmware through automated static analysis, and it provides features that enhance the recovery of service function calls within such firmware. Notably, it supports integration with various Hex-Rays tools and includes comprehensive documentation for installation and usage.


README

License: GPL v3

ESP32-DIV

2026-03-30 C++ ★ 2712

AI Summary: ESP32-DIV is an open-source multi-band wireless toolkit based on the ESP32, designed for wireless testing, signal analysis, jammer development, and protocol spoofing across Wi-Fi, BLE, 2.4GHz, and Sub-GHz frequency bands. Notable features include real-time packet monitoring, Wi-Fi deauthentication attacks, Bluetooth advertisement spoofing, and Sub-GHz command replay capabilities. The toolkit is intended strictly for educational and research purposes to ensure ethical usage in wireless security assessments.


README

ESP32-DIV

ESP32DIV - Advanced Wireless Toolkit

FilelessPELoader

2026-03-30 C++ ★ 1025

AI Summary: FilelessPELoader is a tool designed to load and execute AES-encrypted Portable Executable (PE) files directly into memory, bypassing the need for traditional file storage. Its primary use case is to facilitate stealthy execution of payloads in memory, enhancing evasion techniques commonly utilized in cybersecurity attacks. Notable features include the ability to decrypt the PE file in-memory and execute it without leaving traces on disk.


README

FilelessPELoader

Loads a remote AES-encrypted PE into memory, decrypts it and runs it.

Forensia

2026-03-30 C++ ★ 783

AI Summary: Forensia is an anti-forensics tool designed for red teamers to eliminate traces during the post-exploitation phase. Its primary use case is to enhance evasion by supporting various functionalities such as unloading Sysmon drivers, employing the Gutmann method for file shredding, and disabling multiple logging mechanisms. Notable features include log erasure, file melting capabilities, and the ability to clear recent user activity and cache, thereby reducing the likelihood of detection by incident response teams.

GameTracking-CS2

2026-03-30 C++ ★ 862

AI Summary: GameTracking-CS2 is a tool designed to automate the tracking of in-game statistics and events for Counter-Strike 2, thereby reducing the manual effort involved in monitoring gameplay data. It provides seamless integration with existing GameTracking functionalities, allowing users to monitor game performance effortlessly. Notable features include real-time tracking capabilities and community support through its Discord channel.


README

Game Tracker: Counter-Strike 2

Tracking things, so you don’t have to.

See readme in main GameTracking repository for more information on how files are tracked.

GameTracking-Dota2

2026-03-30 C++ ★ 742

AI Summary: GameTracking-Dota2 is a tool designed to automate the tracking of in-game statistics and player performance in Dota 2. Its primary use case is to relieve players of the manual effort involved in monitoring game data, providing streamlined insights into gameplay trends. Notable features include integration with a broader GameTracking ecosystem and community support via Discord.


README

Game Tracker: Dota 2

Tracking things, so you don’t have to.

See readme in main GameTracking repository for more information on how files are tracked.

GhostStrike

2026-03-30 C++ ★ 810

AI Summary: GhostStrike is a sophisticated cybersecurity tool developed for Red Team operations, utilizing techniques such as process hollowing and dynamic API resolution to execute covert actions on Windows systems while evading detection. Its notable features include shellcode encoding/decoding, cryptographic key generation for enhanced security, and control flow flattening to complicate analysis efforts. Designed for educational use in controlled environments, GhostStrike emphasizes the importance of responsible usage.


README

GhostStrike ⚔️

GhostStrike is an advanced cybersecurity tool designed for Red Team operations, featuring sophisticated techniques to evade detection and perform process hollowing on Windows systems.

GpgFrontend

2026-03-30 C++ ★ 711

AI Summary: GpgFrontend is a modern encryption tool that leverages GnuPG to facilitate easy and secure encryption and signing of texts and files across multiple platforms, including Windows, macOS, and Linux. Key features include a portable solution that can be run from a USB drive, flexible management of key databases, and a strong focus on user privacy through various safety measures. The tool also supports extensive module development, allowing for customizable user experiences and features.

hal

2026-03-30 C++ ★ 790

AI Summary: HAL is a sophisticated framework designed for netlist reverse engineering and manipulation, allowing users to parse and analyze netlists from various hardware sources, such as FPGAs and ASICs, into a graph-based representation. Key features include high performance through an optimized C++ core, flexibility via Python bindings, a modular plugin system for extended functionality, and a rich GUI for visual inspection and interactive analysis. The tool aims to serve as a common baseline for researchers and analysts in the field of hardware reverse engineering, facilitating reproducibility and efficiency in research efforts.

herpaderping

2026-03-30 C++ ★ 1188

AI Summary: Herpaderping is a process obfuscation tool that manipulates the content of a file on disk after it has been mapped for execution, thereby misleading security products and the operating system about the actual process being run. Its primary use case is to facilitate stealthy execution of binaries by exploiting the timing of process creation callbacks and on-write scanning mechanisms, allowing an actor to modify the file after mapping but before the process starts. Notable features include the ability to remain undetected during file inspections and the execution of a binary while obscuring its original content through a specific workflow of creating, mapping, modifying, and executing targets.

HookCase

2026-03-30 C++ ★ 821

AI Summary: HookCase is a powerful debugging and reverse engineering tool for macOS that enhances the capabilities of Apple’s DYLD_INSERT_LIBRARIES. It allows users to hook methods in any module, including non-exported functions, and can target both parent and child processes simultaneously. Key features include support for watchpoints and the ability to bypass Apple’s restrictions on DYLD_INSERT_LIBRARIES, making it suitable for working with applications that have entitlements.


README

HookCase

HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method in any module (even non-exported ones, and even those that don’t have an entry in their own module’s symbol table). In a single operation, it can be applied to a parent process and all its child processes, whether or not the child processes inherit their parent’s environment. It supports watchpoints. So HookCase is considerably more powerful than DYLD_INSERT_LIBRARIES. It also doesn’t have the restrictions Apple has placed on DYLD_INSERT_LIBRARIES. So, for example, HookCase can be used with applications that have entitlements. HookCase runs on OS X 10.9 (Mavericks) through macOS 26 (Tahoe).

hrtng

2026-03-30 C++ ★ 1789

AI Summary: The hrtng IDA plugin provides a suite of tools designed to enhance the reverse engineering process within the IDA Pro environment, specifically leveraging the Hex-Rays decompiler. Its notable features include automation of variable renaming, interactive pseudocode transformations, various decryption capabilities, and assistance with obfuscated code analysis, all aimed at improving the efficiency and accuracy of binary analysis tasks. The plugin integrates seamlessly into IDA’s existing functionality, offering a structured approach to handling complex code scenarios.

iaito

2026-03-30 C++ ★ 1459

AI Summary: Iaitō is a GUI application developed in Qt and C++ that serves as a frontend for the radare2 reverse engineering framework, specifically targeting users who are not familiar with command-line interfaces. The tool is designed to lower the barrier of entry for new users by providing a more accessible interface, although it is currently in an alpha state and primarily intended for developers. Notable features include cross-platform support for OS X, Linux, and Windows, along with installation requirements for radare2 and Qt.

juicy-potato

2026-03-30 C++ ★ 2748

AI Summary: Juicy Potato is a Local Privilege Escalation tool designed to exploit COM servers for escalating privileges from Windows Service Accounts to NT AUTHORITY\SYSTEM. Notable features include customizable CLSID targeting, flexible COM listening configurations (IP and port), and multiple process creation modes, enabling users to launch executables or scripts with different impersonation privileges. This tool is particularly effective for users with SeImpersonate or SeAssignPrimaryToken privileges, allowing them to bypass security mechanisms on Windows systems.

Keylogger

2026-03-30 C++ ★ 976

AI Summary: Keylogger is a lightweight, open-source tool developed in Visual C++ for educational purposes, designed to monitor system activity by capturing keystrokes, mouse clicks, and periodic screenshots in stealth mode. Its notable features include FTP integration for automatic log uploads, the ability to run unnoticed in the background, and persistence through auto-start and auto-copy mechanisms. The tool emphasizes ethical use, warning against unauthorized application.


README

Keylogger

Keylogger

2026-03-30 C++ ★ 2367

AI Summary: Keylogger is a lightweight multi-platform tool designed to record keystrokes on Windows, Linux, and Mac OS, saving them to a local log file. Its primary use case includes personal monitoring for computer security and self-analysis, with notable features such as the ability to run in both visible and invisible modes on Windows, and a straightforward installation process across all supported operating systems.


README

A simple keylogger for Windows, Linux and Mac

MIT Licence

keystone

2026-03-30 C++ ★ 2560

AI Summary: Keystone is a lightweight and versatile multi-platform assembler framework supporting various architectures including Arm, RISC-V, and X86, among others. It features a clean architecture-neutral API, is thread-safe, and provides bindings for multiple programming languages, making it an ideal tool for developers needing assembly capabilities across different environments. Built on LLVM, Keystone enhances functionality and offers open-source licensing options suitable for both personal and commercial use.


README

Keystone Engine

lazy_importer

2026-03-30 C++ ★ 1911

AI Summary: lazy_importer is a C++ library designed to obfuscate API calls, enhancing the difficulty of reverse engineering software by ensuring that no identifiable strings or import declarations remain in memory or the executable. Key features include inlining capabilities, zero memory allocation, randomized function hashes for each compilation, and the ability to call functions without leaving a trace in data sections. This tool is particularly valuable for developers aiming to protect their software from static analysis and reverse engineering techniques.

librw

2026-03-30 C++ ★ 747

AI Summary: librw is a cross-platform library designed to re-implement parts of RenderWare graphics, facilitating rendering and file format conversion across various platforms. It supports DFF and TXD file formats for PS2, D3D8, D3D9, and Xbox, with rendering capabilities via D3D9 and OpenGL backends, while being particularly useful for rendering within projects like GTA. Notable features include adaptable file format support, backend rendering versatility, and ongoing compatibility for multiple platforms.

LunaTranslator

2026-03-30 C++ ★ 11016

AI Summary: Visual Novel Translator

makin

2026-03-30 C++ ★ 742

AI Summary: makin is a malware assessment tool designed to simplify the process of identifying anti-debugging techniques employed by malicious samples. It injects a DLL into the target process to monitor specific API calls, providing insights into debugger detection methods, and can generate IDA Pro scripts for setting breakpoints at the identified APIs. Notable features include the ability to hook various functions from ntdll.dll and kernelbase.dll, effectively revealing complex anti-debugging strategies.

medusa

2026-03-30 C++ ★ 1082

AI Summary: Medusa is a modular and interactive disassembler that supports Windows, Linux, and OSX platforms, tailored for analyzing various file formats such as ELF, PE, Mach-O, and GameBoy binaries. It integrates seamlessly with libraries like Boost and Qt5, offering an extensible architecture for disassembly and limited semantic analysis, particularly for specific instruction sets like x86 and GameBoy. Notable features include support for file imports and exports, varying levels of symbol handling, and the ability to work with multiple architectures and binary types.

Millennium

2026-03-30 C++ ★ 3229

AI Summary: Millennium is an open-source low-code framework that enables users to create, manage, and utilize plugins and themes for the desktop Steam Client without complex system interactions. Key features include a TypeScript frontend and Lua backend architecture, the ability to customize themes with JavaScript and CSS, and a curated Plugin Database to ensure version compatibility and stability when enhancing the Steam experience. This framework simplifies modding for users, allowing extensive personalization while avoiding low-level code manipulation.

mtasa-blue

2026-03-30 C++ ★ 1712

AI Summary: Multi Theft Auto: San Andreas (MTA) is an open-source modification that enables multiplayer gameplay for the single-player version of Grand Theft Auto: San Andreas through an advanced game engine framework. It incorporates networking and GUI rendering capabilities while allowing extensive customization via a Lua scripting language, making it possible to create custom game modes and content for multiple players. Notable features include code injection techniques for game manipulation without altering original files, a robust resource management system for asynchronous content delivery, and a collaborative community for development and support.

Nidhogg

2026-03-30 C++ ★ 2289

AI Summary: Nidhogg is a versatile kernel-level rootkit designed for Windows 10 and 11, enabling a wide array of operations directly from kernel space. Its primary use case is to facilitate stealthy and powerful control over system processes, threads, files, and registry items, featuring advanced capabilities such as process hiding, memory scanner bypassing, and credential dumping. Notable features include a built-in AMSI bypass, support for reflective loading, and a Nidhogg Object File (NOF) for custom kernel-mode code execution, enhancing its integration with command-and-control (C2) frameworks.

obfuscator

2026-03-30 C++ ★ 831

AI Summary: Obfuscator is a native C++23 code obfuscation tool designed to enhance software security by transforming executable code through various methods such as bogus control flow and constant encryption. Its primary use case is to protect applications from decompilation and reverse engineering, making it compatible with popular disassemblers like IDA and Ghidra. Notable features include customizable function and transform configurations, support for both Linux and Windows platforms, and the ability to specify additional debugging information through PDB and MAP files.

openappsec

2026-03-30 C++ ★ 1563

AI Summary: open-appsec is a machine learning-based web application and API threat protection tool designed to guard against OWASP Top 10 vulnerabilities and zero-day attacks. It employs a dual-phase evaluation process using both supervised and unsupervised models to intelligently assess the legitimacy of HTTP requests based on user interaction patterns and predefined attack indicators. Notable features include support for deployment on Linux, Docker, and Kubernetes environments, along with flexible management options through declarative configuration, Helm charts, and a SaaS web interface.

openblack

2026-03-30 C++ ★ 1470

AI Summary: openblack is an open-source reimplementation of the classic game “Black & White” (2001), developed using modern C++ and contemporary rendering technologies like OpenGL and Vulkan. This tool primarily serves to allow users to experience the original gameplay while requiring the original game assets for operation. Noteworthy features include pre-built binaries for multiple platforms, including Windows, Linux, and macOS, along with experimental builds for additional architectures and devices.


README

openblack

Osiris

2026-03-30 C++ ★ 3673

AI Summary: Osiris is a cross-platform game hacking tool designed for Counter-Strike 2, featuring a graphical user interface based on the game’s Panorama UI. Its primary use case is to enhance gameplay through various functions such as customizable visual indicators for bomb planting and inaccuracy visualizations without relying on traditional C++ runtime libraries or external dependencies. Notable features include customizable color schemes for game elements, enhanced player information rendering, and support for both Windows and Linux compilation.

pe-bear

2026-03-30 C++ ★ 3528

AI Summary: PE-bear is a multiplatform reversing tool designed for analyzing PE (Portable Executable) files, focusing on providing a quick and flexible initial inspection for malware analysts. It supports handling malformed PE files and comes equipped with an updated signature database from PEiD, enhancing its detection capabilities. Additionally, PE-bear can be easily installed on various platforms, including Windows and Linux, and is compatible with multiple package managers.


README

PE-bear

License: GPL v2

pe-sieve

2026-03-30 C++ ★ 3591

AI Summary: PE-sieve is a lightweight malware detection tool that scans individual processes for malicious implants such as injected PEs, shellcodes, and various in-memory modifications. It effectively identifies techniques like Process Hollowing and Reflective DLL Injection, allowing for the extraction and analysis of detected threats. Additionally, PE-sieve can be integrated as a DLL with a simple API for use in other applications, enhancing its versatility in malware analysis workflows.


PoC

2026-03-30 C++ ★ 827

AI Summary: Proofs-of-concept

project-restoration

2026-03-30 C++ ★ 768

AI Summary: Project Restoration is a patch for Majora’s Mask 3D that reintroduces mechanics from the original game while resolving gameplay issues to enhance player experience. Notable features include an improved swimming mechanic for Zora Link, adjustments to the Inverted Song of Time’s effect, and modifications to the Twinmold battle for clarity and pacing. The project aims to blend the best aspects of the original game with the enhanced graphics of the remaster, ensuring a polished gameplay experience without game-breaking issues.

PS2Recomp

2026-03-30 C++ ★ 2901

AI Summary: PS2Recomp is an experimental static recompiler for PlayStation 2 ELF binaries that translates MIPS R5900 instructions into C++ code. Its primary use case involves recompiling and executing PS2 games while allowing configuration for stubs, skips, and instruction patches. Notable features include customizable syscall handling, support for PS2-specific macros, and integration with Ghidra for efficient function export and mapping.


README

PS2Recomp: PlayStation 2 Static Recompiler (Experimental)

QBDI

2026-03-30 C++ ★ 1751

AI Summary: QBDI is a modular dynamic binary instrumentation (DBI) framework designed for cross-platform and cross-architecture use, supporting various operating systems including Linux, macOS, Android, iOS, and Windows. It provides C/C++ APIs along with Python and JavaScript bindings, facilitating scripting while integrating seamlessly with external injection tools like Frida. Notable features include the ability to instrument binaries without a preferred injection method and an LD_PRELOAD-based injector for dynamic executables on Linux and macOS, although it currently does not support multithreading or C++ exception handling.

REDasm

2026-03-30 C++ ★ 1706

AI Summary: REDasm is a cross-platform disassembler designed for both hobbyists and professional reverse engineers, featuring a modern codebase and a user-friendly Qt frontend. It supports C++ and Python 3 plugins, multithreaded analysis, and various binary formats including Portable Executable and ELF, while providing capabilities like binary lifting and intermediate language analysis. The underlying architecture, driven by LibREDasm, allows for extensive customization and the addition of new languages.


README


REDasm is a cross-platform disassembler with a modern codebase, useful from the hobbyist to the professional reverse engineer.
All features are provided by LibREDasm, which loads plugins developed in C, C++ and Python3 (you can also support new languages if you want!), and a user-friendly Qt frontend.
LibREDasm also provides a plain C API for maximum ABI compatibility along with a C++17 core.

Tested on Windows and Linux.

RigelEngine

2026-03-30 C++ ★ 979

AI Summary: Rigel Engine is a modern re-implementation of the classic game Duke Nukem II, enabling it to run natively on today’s operating systems while maintaining compatibility with the original game’s data files. Its key features include widescreen support, improved graphics and performance with smooth scrolling, quick save functionality, enhanced controller support, and extended modding capabilities, all achieved through reverse engineering due to the absence of the original source code. The tool is stable and supports multiple platforms, including Windows, Linux, and macOS, with minimal system requirements.

rz-ghidra

2026-03-30 C++ ★ 927

AI Summary: rz-ghidra is an integration of the Ghidra decompiler and Sleigh disassembler specifically designed for the Rizin framework. This plugin allows users to decompile functions, output various formats such as XML and JSON, and customize settings for decompilation in a self-contained manner without requiring the full Ghidra suite. Notable features include seamless integration with Rizin, side-by-side decompilation views, and extensive configurability through various parameters for enhanced user experience.


README

rz-ghidra

This is an integration of the Ghidra decompiler and Sleigh Disassembler for Rizin. It is solely based on the decompiler part of Ghidra, which is written entirely in C++, so Ghidra itself is not required at all and the plugin can be built self-contained. This project was presented, initially for radare2, at r2con 2019 as part of the Cutter talk: https://youtu.be/eHtMiezr7l8?t=950

sogen

2026-03-30 C++ ★ 2808

AI Summary: Sogen is a high-performance Windows user space emulator designed for syscall-level operation, granting detailed control over process execution, particularly useful in security analysis, malware dissection, and DRM research. Notable features include advanced memory management, complete PE loading support, implemented Windows structured exception handling, a scheduled threading model, and comprehensive debugging interfaces, including GDB compatibility for seamless integration with popular debugging tools.


README


Sogen is a high-performance Windows user space emulator that operates at syscall level, providing full control over process execution through comprehensive hooking capabilities.

SpecialK

2026-03-30 C++ ★ 1815

AI Summary: Special K is a versatile tool designed for PC gaming that enhances graphics and performance through code injection. It allows users to modify game behavior by injecting its DLL into applications, supporting both local and global injection methods, which enables a wide range of visual and performance adjustments. Notable features include performance analysis tools, shader and texture modifications, and compatibility with various graphics APIs in both Windows and WINE environments.

stegseek

2026-03-30 C++ ★ 1255

AI Summary: Stegseek is a high-performance steghide cracker designed to efficiently extract hidden data from files, achieving remarkable speeds by leveraging a comprehensive wordlist, such as rockyou.txt, to crack passwords in under two seconds. Its primary use case includes both password cracking and the detection of steghide metadata without requiring passwords, enabling users to ascertain file contents speedily. Notable features include the ability to brute-force the random number generator used in steghide to recover unencrypted files and detailed metadata extraction.

TegraRcmGUI

2026-03-30 C++ ★ 2217

AI Summary: TegraRcmGUI is a Windows-based graphical user interface that facilitates the injection of payloads into Nintendo Switch consoles utilizing the Fusée Gelée exploit for RCM mode. Key features include the ability to manage favorites, run Linux on the Switch, mount the device as USB mass storage, and dump BIS keys for eMMC content decryption. The tool also offers conveniences such as auto-injection options, minimizing to the system tray, and automatic startup with Windows.

TelemetrySourcerer

2026-03-30 C++ ★ 846

AI Summary: Telemetry Sourcerer is a tool designed for red teamers and security researchers to enumerate and disable various sources of telemetry utilized by antivirus and endpoint detection and response (EDR) systems on Windows. It features the ability to suppress kernel-mode callbacks, unhook inline user-mode hooks, and identify relevant Event Tracing for Windows (ETW) sessions, making it instrumental in identifying blind spots and validating evasion techniques within lab environments. However, it is primarily for research applications and carries OPSEC risks if deployed in production settings.

Textractor

2026-03-30 C++ ★ 2584

AI Summary: Textractor is an open-source text hooking tool designed for x86/x64 video games on Windows and Wine, enabling users to extract in-game text for translation or accessibility purposes. It features automatic hooking for multiple game engines, extensive customization options, and support for AGTH hook codes, making it adaptable for varied gaming environments. The tool also allows for the development of custom extensions, enhancing its functionality and user experience.


README

Textractor

TiltedEvolution

2026-03-30 C++ ★ 1153

AI Summary: Tilted Online is a framework designed to facilitate multiplayer gameplay in Bethesda’s Skyrim Special Edition. It provides essential components such as game client sources, an immersive launcher, and server implementations, all structured to enhance the multiplayer experience. Notable features include a modular architecture for client-server interactions and community-driven development, allowing contributors with C++ experience to actively participate.


README

Tilted Online

tiny_tracer

2026-03-30 C++ ★ 1638

AI Summary: Tiny Tracer is a binary instrumentation tool designed for tracing API calls, defined local functions, selected instructions, and inline system calls, while also evading various anti-debug and anti-VM techniques. It generates detailed reports in a .tag format, which can be utilized by other analysis tools, facilitating deeper insights into a program’s execution flow. The tool is primarily aimed at security researchers and analysts who need to examine malicious binaries or analyze software behavior in a controlled environment.

tripwire-open-source

2026-03-30 C++ ★ 928

AI Summary: Open Source Tripwire® is a file integrity monitoring tool designed to detect and alert users about unauthorized changes to files and directories by comparing the current filesystem state against a predefined baseline. It features a highly configurable policy file system for specifying which attributes to monitor, the capability to sign configuration and report files for added security, and the ability to generate and manage cryptographic keys for multiple machines. Users can utilize it to establish secure baselines and automate periodic checks, enhancing overall system integrity and security.

Triton

2026-03-30 C++ ★ 4118

AI Summary: Triton is a dynamic binary analysis library designed for building program analysis tools, enabling automated reverse engineering and software verification. It supports dynamic symbolic execution and taint analysis across multiple architectures including x86, ARM, and RISC-V, and features a powerful API in both C++ and Python, as well as capabilities for expression synthesis, SMT solver integration, and LLVM lifting.


README

Triton is a dynamic binary analysis library. It provides internal components that allow you to build your program analysis tools, automate reverse engineering, perform software verification or just emulate code.

vulhunt

2026-03-30 C++ ★ 755

AI Summary: VulHunt is a vulnerability hunting framework aimed at assisting security researchers in identifying vulnerabilities within software binaries and UEFI firmware. Built on Binarly’s BIAS, it supports large-scale vulnerability management and integrates community-developed rulepacks while offering scanning capabilities for various binary formats, including BA2 and Binary Ninja databases. Additionally, it features an MCP server for integration with AI assistants, facilitating real-time vulnerability analysis and reporting.


README

VulHunt Community Edition

VulHunt is a vulnerability hunting framework developed by Binarly’s Research team. It is designed to help security researchers and practitioners identify vulnerabilities in software binaries and UEFI firmware. VulHunt is built on top of Binarly’s Binary Analysis and Inspection System (BIAS), which provides a powerful and flexible environment for analysing and understanding binaries. VulHunt integrates with the capabilities of the Binarly Transparency Platform (BTP) to enable large-scale vulnerability management, hunting, and triage capabilities.

wazuh

2026-03-30 C++ ★ 15076

AI Summary: Wazuh is an open-source security platform designed for threat prevention, detection, and response across various environments, including on-premises, virtualized, containerized, and cloud settings. It features an endpoint security agent that collects data for analysis by a centralized management server, fully integrated with the Elastic Stack for enhanced search and visualization of security alerts. Key capabilities include intrusion detection, log data analysis, file integrity monitoring, vulnerability detection, configuration assessment, and automated incident response, making it a comprehensive tool for maintaining security compliance and mitigating threats.

XELFViewer

2026-03-30 C++ ★ 1562

AI Summary: XELFViewer is a cross-platform ELF file viewer and editor designed for Windows, Linux, and MacOS environments. Its primary use case includes analyzing and modifying ELF (Executable and Linkable Format) files, which are commonly used in Unix-based operating systems. Notable features include a user-friendly interface for navigation, functionality for both viewing and editing file contents, and support for community translations.


README

ELF file viewer/editor for Windows, Linux and MacOS.

XMachOViewer

2026-03-30 C++ ★ 928

AI Summary: XMachOViewer is a cross-platform Mach-O file analysis tool designed for Windows, Linux, and macOS. Its primary use case involves examining Mach-O binaries through features such as heuristic scanning, string and hex viewing, disassembly, entropy analysis, and dynamic library linking, enabling users to uncover characteristics, anomalies, and cryptographic signatures within the files. Notable features include support for multiple architectures, automatic file format detection, and a detailed symbol table viewer.

xoreos

2026-03-30 C++ ★ 1142

AI Summary: xoreos is an open-source reimplementation of BioWare’s Aurora engine, targeting classic games like Neverwinter Nights and Dragon Age II to provide portable access across platforms. The tool currently supports basic graphics rendering and sound playback, with partial in-game graphics and a starting point for a scripting system, though no full gameplay mechanics are implemented yet. Its modular design allows for contributions from the community, fostering ongoing development and enhancement of supported titles.