All

38 repositories

adversarial-dga-framework
Public
GNU Affero General Public License v3.0
•0•0•0•0•Updated Apr 22, 2026Apr 22, 2026
APOTHEOSIS
Public
A specialized implementation of the Hierarchical Navigable Small World (HNSW) data structure adapted for efficient nearest neighbor lookup of approximate matchi…
python3 approximate-nearest-neighbor-search approximate-matching
python3 approximate-nearest-neighbor-search approximate-matching hnsw
Python
•
GNU General Public License v3.0
•4•12•0•0•Updated Apr 13, 2026Apr 13, 2026
MARISSA
Public
MessAge foRmat Inference with Similarity digeSt Algorithms
network reverse-engineering protocols
network reverse-engineering protocols pre
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Apr 12, 2026Apr 12, 2026
synoptic
Public
Synoptic: Concolic execution for network protocol inference
python symbolic-execution finite-state-machine
python symbolic-execution finite-state-machine pintool network-analysis network-protocols concolic-execution dynamic-control-flow-graph
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Apr 11, 2026Apr 11, 2026
MANTILLA
Public
...
Jupyter Notebook
•
GNU General Public License v3.0
•0•0•0•0•Updated Apr 11, 2026Apr 11, 2026
heaplist
Public
Volatility 3 plugin to extract the heap from Windows memory images
windows incident-response dfir
windows incident-response dfir heap digital-forensics digital-forensics-incident-response volatility3
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Dec 20, 2025Dec 20, 2025
BinTopsy
Public
A lightweight Python toolkit for static malware analysis, binary entropy visualization, and threat intelligence gathering. Includes tools for disassembly, YARA …
Python
•
GNU General Public License v3.0
•0•3•0•0•Updated Nov 26, 2025Nov 26, 2025
Characterizing-TTPs-in-the-macOS-Threat-Landscape
Public
Source data and Scripts used for the paper: Characterizing Tactics, Techniques, and Procedures in the macOS Threat Landscape
Python
•0•0•0•0•Updated Nov 12, 2025Nov 12, 2025
MalGraphIQ
Public
Transform your malware sandbox reports and execution traces into behavior and category graphs and plot their Windows Behavior Catalog (WBC) behavior identificat…
visualization windows behavior
visualization windows behavior graphs sandbox malware backtracking malware-analysis malware-research malware-detection
Python
•
GNU General Public License v3.0
•1•2•0•0•Updated Oct 22, 2025Oct 22, 2025
KeyReaper
Public
KeyReaper: Memory Forensic Driven Key Extraction
C++
•
GNU Lesser General Public License v3.0
•2•3•0•0•Updated Sep 19, 2025Sep 19, 2025
rme-Python-toolkit
Public
A collection of Python tools developed and maintained by the Reverseame research group.
cli-tools
cli-tools
Python
•0•0•0•0•Updated Sep 1, 2025Sep 1, 2025
exploring-ZeroShot-LLM-DGA
Public
A framework for evaluating Large Language Models in zero-shot detection of Algorithmically Generated Domains (AGDs) used by malware for Command and Control comm…
dga agd llm
dga agd llm
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jul 18, 2025Jul 18, 2025
LLM-DGA-lab
Public
Framework for evaluating Large Language Models in zero-shot detection of Algorithmically Generated Domains (AGDs). Supports 9 LLMs across 4 vendors with binary/…
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jul 18, 2025Jul 18, 2025
MALVADA
Public
MALVADA: Malware Execution Traces Dataset generation.
malware dataset malware-analysis
malware dataset malware-analysis malware-research datasets dataset-generation malware-samples malware-dataset datasets-preparation malware-execution
Python
•
GNU General Public License v3.0
•2•6•0•0•Updated Jul 12, 2025Jul 12, 2025
RAMPAGE
Public
RAMPAGE is a framework aimed at training and comparing machine learning models for the detection of Algorithmically Generated Domains.
machine-learning tensorflow malware
machine-learning tensorflow malware keras python3 malware-research dga dga-detection
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 24, 2025Jun 24, 2025
winapi-categories
Public
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
windows winapi syscalls
windows winapi syscalls windows-api system-calls native-api ntapi windows-syscalls windows-functions
Python
•
GNU General Public License v3.0
•2•28•1•0•Updated Jun 11, 2025Jun 11, 2025
windows-behavior-catalog
Public
Windows Behavior Catalog (WBC) is a collection of fundamental behaviors for Windows OS, represented as a sequence of Windows API and/or syscalls.
windows behavior catalog
windows behavior catalog analysis malware behavioral windows-api windowsapi behavioral-analysis
C++
•
GNU General Public License v3.0
•0•1•0•0•Updated Jun 10, 2025Jun 10, 2025
capemon
Public
capemon: CAPE's monitor
C
•
GNU General Public License v3.0
•60•2•0•0•Updated Dec 18, 2024Dec 18, 2024
cape-hook-generator
Public
CAPEv2 (capemon) hook skeleton generator (hookdefs) for your malware analysis needs.
windows api hooks
windows api hooks hook sandbox malware malware-analysis malware-research windowsapi malware-samples
Python
•
GNU General Public License v3.0
•0•2•0•0•Updated Dec 16, 2024Dec 16, 2024
winesap
Public
Volatility plugin to search for all Autostart Extensibility Points (AESPs)
python malware-analysis volatility
python malware-analysis volatility volatility-plugins malware-persistence autostar-extensibility-points aesp
Python
•
GNU Affero General Public License v3.0
•0•10•0•0•Updated May 16, 2024May 16, 2024
MOSTO-Modbus-simulator
Public
MOSTO is a SCADA network device simulator based on ModbusTCP communications. Based on Python3
simulator modbus-tcp
simulator modbus-tcp
Python
•
GNU General Public License v3.0
•3•6•1•0•Updated Aug 16, 2023Aug 16, 2023
processfuzzyhash
Public
Volatility plugin to calculate and compare Windows processes fuzzy hashes
python dcfldd volatility
python dcfldd volatility ssdeep tlsh fuzzy-hashes sdhash volatility-plugins
Python
•
GNU Affero General Public License v3.0
•1•7•0•0•Updated Jul 25, 2023Jul 25, 2023
similarity-unrelocated-module
Public
Volatility plugin to yield and compare similarity digest of modules on execution.
python sum volatility
python sum volatility memory-forensics volatility-plugins approximate-matching fuzzy-hash similarity-digest
Python
•
GNU General Public License v3.0
•0•1•1•0•Updated Jul 25, 2023Jul 25, 2023
windows-memory-extractor
Public
Tool to extract contents from the memory of Windows systems.
windows memory-forensics
windows memory-forensics
C++
•
GNU General Public License v3.0
•2•13•0•0•Updated Jul 4, 2023Jul 4, 2023
EvalMe
Public
EvalMe: an evaluation and benchmarking tool
Python
•
GNU General Public License v3.0
•0•0•0•0•Updated Jun 27, 2023Jun 27, 2023
pinVMShield
Public
A pintool for protecting a sandbox application of common anti-virtualmachine and anti-sandbox detection techniques
dbi pintool pin
dbi pintool pin cuckoo-sandbox anti-sandbox anti-vm dynamic-binary-instrumentation
C++
•
GNU General Public License v3.0
•2•11•0•0•Updated Jun 13, 2023Jun 13, 2023
Secure_Socket
Public
C++ Sockets implementing hybrid encryption
linux hybrid-encryption software-library
linux hybrid-encryption software-library
C++
•0•1•0•0•Updated Jun 13, 2023Jun 13, 2023
malscan
Public
Volatility plugin to detect malicious code thanks to ClamAV
python clamav malware-analysis
python clamav malware-analysis volatility volatility-plugins
Python
•
GNU Affero General Public License v3.0
•1•3•0•0•Updated Jun 13, 2023Jun 13, 2023
sigcheck
Public
Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed
python openssl authenticode
python openssl authenticode volatility sigcheck volatility-plugins
Python
•
GNU General Public License v3.0
•4•20•3•0•Updated Jun 13, 2023Jun 13, 2023
modex
Public
Volatility 3 plugins to extract a module as complete as possible
memory-forensics volatility-plugins volatility3
memory-forensics volatility-plugins volatility3
Python
•
GNU General Public License v3.0
•0•12•0•0•Updated Jun 13, 2023Jun 13, 2023

ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RME-DisCo Research Group

All

All

38 repositories

adversarial-dga-framework

APOTHEOSIS

MARISSA

synoptic

MANTILLA

heaplist

BinTopsy

Characterizing-TTPs-in-the-macOS-Threat-Landscape

MalGraphIQ

KeyReaper

rme-Python-toolkit

exploring-ZeroShot-LLM-DGA

LLM-DGA-lab

MALVADA

RAMPAGE

winapi-categories

windows-behavior-catalog

capemon

cape-hook-generator

winesap

MOSTO-Modbus-simulator

processfuzzyhash

similarity-unrelocated-module

windows-memory-extractor

EvalMe

pinVMShield

Secure_Socket

malscan

sigcheck

modex

All

All

Repositories list

38 repositories