Open main menu

Changes

1,674 bytes added ,  11:07, 30 November 2023
m
Some stuff added
*[https://malcat.fr/index.html MalCat] - is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals. Inspect more than 40 binary file formats, dissassemble and decompile different CPU architectures, extract embedded files and scan for Yara signatures or anomalies in a fast and easy-to-use graphical interface.
====Pattern Matching/ Pattern Searching====
*[https://github.com/VirusTotal/yara Yara] - is a pattern matching swiss knife in the IT Security Researchers branch.
 
*[https://github.com/BurntSushi/ripgrep ripgrep (rg)] - is a line-oriented search tool that recursively searches the current directory for a regex pattern. By default, ripgrep will respect gitignore rules and automatically skip hidden files/directories and binary files.
 
*[https://linux.die.net/man/1/grep grep] - searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus (-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints the matching lines.
 
*[https://github.com/stefankueng/grepWin grepWin] - is a simple yet powerful search and replace tool which can use regular expressions to do its job. This allows to do much more powerful searches and replaces.
 
*[https://astrogrep.sourceforge.net/ AstroGrep] - is a Microsoft Windows grep utility. Grep is a UNIX command-line program which searches within files for keywords. AstroGrep supports regular expressions, versatile printing options, stores most recently used paths and has a "context" feature which is very nice for looking at source code.
====IAT Reconstructors (Windows)====
*[https://github.com/x64dbg/Scylla NtQuery Scylla] - is a Windows Portable Executable imports reconstructor Open Source and part of x64dbg.
 
====Process Dumpers (Windows)====
 
*[https://github.com/glmcdona/Process-Dump Process Dump (pd)] - is a Windows reverse-engineering tool to dump malware memory components back to disk for analysis. It uses an aggressive import reconstruction approach to make analysis easier, and supports 32 and 64 bit modules. Dumping of regions without PE headers is supported and in these cases PE headers and import tables will automatically be generated.
 
*[https://github.com/EquiFox/KsDumper KsDumper] - is a tool for dumping processes using the power of kernel space.
====API monitoring ring3 (Windows)====