2021-06-03: QBDL: QuarkslaB Dynamic Loader
2021-04-27: An Empirical Evaluation of Automated Machine Learning Techniques for Malware Detection - IWSPA 21
2021-01-25: Static PE antimalware evasion - Francisco Javier Gomez Galvez
2020-10-23: [Write-up] Using a PIE binary as a Shared Library — HCSC-2020 CTF Writeup by István Tóth
2020-02-04: x0rro — A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2 by phra
2019-11-01: Isolating the logic of an encrypted protocol with LIEF and kaitai by @TheXC3LL
2018-10-26: [Write-up] HITCON 2018 - Unexecutable by Andrew Wesie
2018-10-06: [Write-up] Flare-on Challenge (Level 3)
2018-09-30: [Write-up] DragonCTF-Teaser-Brutal Oldskull by z3r0s
2018-09-07: Using a non-system glibc by Ayrx
2018-07-02: PWN problem patch method commonly used in competition
2018-05-03: When SideChannelMarvels meet LIEF
2018-03-11: Fuzzing Arbitrary Functions in ELF Binaries
2018-02-01: Dissecting Mobile Native Code Packers Case Study
2017-11-02: Have Fun With LIEF and Executable Formats
2017-04-04: LIEF Library to Instrument Executable Formats
Name | Language | Link | Topic | Summary |
|---|---|---|---|---|
shrinkwrap | Python | | ELF | A tool that embeds required dependencies into top-level executables |
sqlelf | Python | | ELF Analysis | Explore ELF objects through the power of SQL |
Maat | Python/C++ | | Symbolic Execution | Symbolic Execution Framework based on Ghidra’s sleigh |
QBDL | Python/C++ | | Binary Loader | QBDL aims to provide a modular and portable way to dynamically load and link binaries. |
BLint | Python | | Static Analysis | A binary linter for checking security properties and capabilities in executables |
Datalog Disassembly | C++ | | Binary Analysis | DDisasm is a fast disassembler which is accurate enough for the resulting assembly code to be reassembled. DDisasm is implemented using the datalog (souffle) declarative logic programming language to compile disassembly rules and heuristics |
Mobile-Security-Framework-MobSF | Python | | Mobile Analysis | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. |
checksec.py | Python | | Static Analysis | A simple tool to verify the security properties of your binaries. These properties can be enabled by your compiler to enforce the security of your executables, and mitigate exploitation |
youarespecial | Python | | Machine Learning | Machine learning models on malware |
gym-malware | Python | | Machine Learning | Learn how to bypass AV through machine learning. |
MISP | Python | | Malware | Malware Information Sharing Platform and Threat Sharing |
Virus Disinfector KIT | Python | | Malware | A tool for disinfecting PE files |
lief-sys | Rust | | Binding | Rust binding for LIEF |
Ledger-Donjon/rainbow | Python | | Dynamic Analysis | Trace generator based on Unicorn and LIEF as loader. |
smda | Python | | Static Analysis | Recursive disassembler using LIEF as ELF and PE loader |
conan-io/hooks | Python | | Static Analysis | Binary linter |
Wiggle | Python | | Binary search engine | An executable binary metadata search engine. |
ANBU | C++ | | Unpacking | Automatic New Binary Unpacker with PIN DBI Framework |
Name | Language | Link |
|---|---|---|
filebytes | Python | |
angr/cle | Python | |
pypeelf | Python | |
object | Rust | |
Goblin | Rust | |
Name | Language | Link |
|---|---|---|
pyelftools | Python | |
pylibelf | Python | |
pydevtools | Python | |
elfparser | C++ ? | |
libelf | C | hxxp://www.mr511.de/software/ |
elfio | C++ | |
radare2 | C/Python | https://github.com/radare/radare2/tree/master/libr/bin/format/elf |
node-elf | node.js | |
readelf | C | https://github.com/bminor/binutils-gdb/blob/master/binutils/readelf.c |
elfesteem | Python | |
elfsharp | C# | hxxp://elfsharp.hellsgate.pl/index.shtml |
metasm | Ruby | |
amoco | Python | |
Goblin | Rust | |
Mithril | Ruby | |
ELFkickers | C | http://www.muppetlabs.com/~breadbox/software/elfkickers.html |
libelfmaster | C | |
libelf.js | JS | |
elfy.io | JS ? | |
elfhash | C | |
Name | Language | Link |
|---|---|---|
pefiles | Python | |
radare2 | C | https://github.com/radare/radare2/tree/master/libr/bin/format/pe |
PE.Explorer | C++/C# ? | |
CFF Explorer | C++/C# ? | |
PE Browser 64 | C++/C# ? | http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html |
PE View | C++/C# ? | |
FileAlyzer | C++/C# ? | |
PE Studio | C++/C# ? | |
PEDumper | C | |
PE Parse | C++/Python | |
PEParse | C# | |
PE Bliss | C++ | |
PE Net | .NET | |
libpe | C++ | |
elfesteem | Python | |
pelook | C ? | |
PortEx | Java | |
metasm | Ruby | |
amoco | Python | |
Goblin | Rust | |
Name | Language | Link |
|---|---|---|
radare2 | C | https://github.com/radare/radare2/tree/master/libr/bin/format/mach0 |
MachO-Kit | C/ObjC | |
optool | ObjC | |
macho_edit | C++ | |
macholib | Python | |
elfsharp | C# | http://elfsharp.hellsgate.pl/index.shtml |
elfesteem | Python | |
metasm | Ruby | |
Goblin | Rust | |
MachOView | ObjC | |
XMachOViewer | C++ | |
Name | Language | Link | Format | Summary |
|---|---|---|---|---|
Dress | Python | | ELF | Adds static symbols |
objconv | C++ | | ELF/PE/MachO | Format converter |
PEDetour | C++ | | PE | Hook exported functions |
python-elf | Python | | ELF | ELF binary format manipulation tool |
libmaelf | C | | ELF | A library for dissecting and infecting ELF binaries. |
peinjector | C | | PE | MITM PE file infector |
backdoor factory | C++ | | ELF/PE/MachO | Patch PE, ELF, Mach-O binaries with shellcode |
RePEconstruct | C | | PE | PE Unpacker |
patchkit | Python | | ELF | Patch binary |
unstrip | Python | | ELF | Unstrip static binary |
sym2elf | Python | | ELF | Exports IDA symbols to the original binary |
elfhash | C | | ELF | Manipulate ELF’s hash |
recomposer | Python | | PE | Modifies parts of a PE file to bypass antivirus software |
bearparser | C++ | | PE | Portable Executable parsing library with a GUI |
IAT patcher | C++ | | PE | IAT hooking application |
PEframe | Python | | PE | PE Static analyzer |
Manalyze | C++ | | PE | PE Static analyzer |
elf-dissector | C++ | | ELF | Tool to inspect ELF files |
InfectPE | C++ | | PE | Inject code into PE file |
termux-elf-cleaner | C++ | | ELF | Utility to remove unused ELF sections causing warnings. |
vdexExtractor | C | | VDEX | Extract DEX from VDEX |
insert_dylib | C | | Mach-O | Insert a dylib load command |
optool | Obj-C | | Mach-O | Modify Mach-O commands: Resign, insert commands, … |
reflective-polymorphism | C | | PE | Transform PE files between EXE and DLL |
XELFViewer | C++/Qt | | ELF | ELF file viewer/editor for Windows, Linux and MacOS. |
strongarm | Python | | Mach-O | Cross-platform ARM64 Mach-O analysis library |