2021-06-03: QBDL: QuarkslaB Dynamic Loader
2021-04-27: An Empirical Evaluation of Automated Machine Learning Techniques for Malware Detection - IWSPA 21
2021-01-25: Static PE antimalware evasion - Francisco Javier Gomez Galvez
2020-10-23: [Write-up] Using a PIE binary as a Shared Library — HCSC-2020 CTF Writeup by István Tóth
2020-02-04: x0rro — A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2 by phra
2019-11-01: Isolating the logic of an encrypted protocol with LIEF and kaitai by @TheXC3LL
2018-10-26: [Write-up] HITCON 2018 - Unexecutable by Andrew Wesie
2018-10-06: [Write-up] Flare-on Challenge (Level 3)
2018-09-30: [Write-up] DragonCTF-Teaser-Brutal Oldskull by z3r0s
2018-09-07: Using a non-system glibc by Ayrx
2018-07-02: PWN problem patch method commonly used in competition
2018-05-03: When SideChannelMarvels meet LIEF
2018-03-11: Fuzzing Arbitrary Functions in ELF Binaries
2018-02-01: Dissecting Mobile Native Code Packers Case Study
2017-11-02: Have Fun With LIEF and Executable Formats
2017-04-04: LIEF Library to Instrument Executable Formats

Name | Language | Topic | Summary | Link |
---|---|---|---|---|
shrinkwrap | Python | ELF | A tool that embosses the needed dependencies on the top level executable | |
sqlelf | Python | ELF Analysis | Explore ELF objects through the power of SQL | |
Maat | Python/C++ | Symbolic Execution | Symbolic Execution Framework based on Ghidra’s sleigh | |
QBDL | Python/C++ | Binary Loader | QBDL aims at providing a modular and portable way to dynamically load and link binaries. | |
BLint | Python | Static Analysis | Binary Linter to check the security properties, and capabilities in your executables | |
Datalog Disassembly | C++ | Binary Analysis | DDisasm is a fast disassembler which is accurate enough for the resulting assembly code to be reassembled. DDisasm is implemented using the datalog (souffle) declarative logic programming language to compile disassembly rules and heuristics | |
Mobile-Security-Framework-MobSF | Python | Mobile Analysis | Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. | |
checksec.py | Python | Static Analysis | A simple tool to verify the security properties of your binaries. These properties can be enabled by your compiler to enforce the security of your executables, and mitigate exploits | |
youarespecial | Python | Machine Learning | Machine learning models on malware | |
gym-malware | Python | Machine Learning | Learn how to bypass AV through machine learning. | |
MISP | Python | Malware | Malware Information Sharing Platform and Threat Sharing | |
Virus Disinfector KIT | Python | Malware | Tool to disinfect PE files | |
lief-sys | Rust | Binding | Rust binding for LIEF | |
Ledger-Donjon/rainbow | Python | Dynamic Analysis | Trace generator based on Unicorn and LIEF as loader. | |
smda | Python | Static Analysis | Recursive disassembler using LIEF as ELF and PE loader | |
conan-io/hooks | Python | Static Analysis | Binary linter | |
Wiggle | Python | Binary search engine | An executable binary metadata search engine. | |
ANBU | C++ | Unpacking | Automatic New Binary Unpacker with PIN DBI Framework | |

Name | Language | Link |
---|---|---|
filebytes | Python | |
angr/cle | Python | |
pypeelf | Python | |
object | Rust | |
Goblin | Rust | |

Name | Language | Link |
---|---|---|
pyelftools | Python | |
pylibelf | Python | |
pydevtools | Python | |
elfparser | C++ ? | |
libelf | C | hxxp://www.mr511.de/software/ |
elfio | C++ | |
radare2 | C/Python | https://github.com/radare/radare2/tree/master/libr/bin/format/elf |
node-elf | node.js | |
readelf | C | https://github.com/bminor/binutils-gdb/blob/master/binutils/readelf.c |
elfesteem | Python | |
elfsharp | C# | hxxp://elfsharp.hellsgate.pl/index.shtml |
metasm | Ruby | |
amoco | Python | |
Goblin | Rust | |
Mithril | Ruby | |
ELFkickers | C | http://www.muppetlabs.com/~breadbox/software/elfkickers.html |
libelfmaster | C | |
libelf.js | JS | |
elfy.io | JS ? | |
elfhash | C | |

Name | Language | Link |
---|---|---|
pefiles | Python | |
radare2 | C | https://github.com/radare/radare2/tree/master/libr/bin/format/pe |
PE.Explorer | C++/C# ? | |
CFF Explorer | C++/C# ? | |
PE Browser 64 | C++/C# ? | http://www.smidgeonsoft.prohosting.com/pebrowse-pro-file-viewer.html |
PE View | C++/C# ? | |
FileAlyzer | C++/C# ? | |
PE Studio | C++/C# ? | |
PEDumper | C | |
PE Parse | C++/Python | |
PEParse | C# | |
PE Bliss | C++ | |
PE Net | .NET | |
libpe | C++ | |
elfesteem | Python | |
pelook | C ? | |
PortEx | Java | |
metasm | Ruby | |
amoco | Python | |
Goblin | Rust | |

Name | Language | Link |
---|---|---|
radare2 | C | https://github.com/radare/radare2/tree/master/libr/bin/format/mach0 |
MachO-Kit | C/ObjC | |
optool | ObjC | |
macho_edit | C++ | |
macholib | Python | |
elfsharp | C# | http://elfsharp.hellsgate.pl/index.shtml |
elfesteem | Python | |
metasm | Ruby | |
Goblin | Rust | |
MachOView | ObjC | |
XMachOViewer | C++ | |

Name | Language | Format | Summary | Link |
---|---|---|---|---|
Dress | Python | ELF | Add static symbols | |
objconv | C++ | ELF/PE/MachO | Format converter | |
PEDetour | C++ | PE | Hook exported functions | |
python-elf | Python | ELF | ELF binary format manipulation | |
libmaelf | C | ELF | Library for Dissect and Infect ELF Binaries. | |
peinjector | C | PE | MITM PE file infector | |
backdoor factory | C++ | ELF/PE/MachO | Patch PE, ELF, Mach-O binaries with shellcode | |
RePEconstruct | C | PE | PE Unpacker | |
patchkit | Python | ELF | Patch binary | |
unstrip | Python | ELF | Unstrip static binary | |
sym2elf | Python | ELF | Export IDA’s symbols to the original binary | |
elfhash | C | ELF | Manipulate ELF’s hash | |
recomposer | Python | PE | Change some parts of a PE file in order to bypass Antivirus | |
bearparser | C++ | PE | Portable Executable parsing library with a GUI | |
IAT patcher | C++ | PE | IAT hooking application | |
PEframe | Python | PE | PE Static analyzer | |
Manalyze | C++ | PE | PE Static analyzer | |
elf-dissector | C++ | ELF | Tool to inspect ELF files | |
InfectPE | C++ | PE | Inject code into PE file | |
termux-elf-cleaner | C++ | ELF | Utility to remove unused ELF sections causing warnings. | |
vdexExtractor | C | VDEX | Extract DEX from VDEX | |
insert_dylib | C | Mach-O | Insert a dylib load command | |
optool | Obj-C | Mach-O | Modify Mach-O commands: Resign, insert commands, … | |
reflective-polymorphism | C | PE | Transform PE files between EXE and DLL | |
XELFViewer | C++/Qt | ELF | ELF file viewer/editor for Windows, Linux and MacOS. | |
strongarm | Python | Mach-O | Cross-platform ARM64 Mach-O analysis library |