This module obfuscates python code.

Unofficial revival of the well known .NET debugger and assembly editor, dnSpy

A memory-based evasion technique which makes shellcode invisible from process start to end.

系统监控开发套件（sysmon、promon、edr、终端安全、主机安全、零信任、上网行为管理）

iMonitor（冰镜 - 终端行为分析系统）

Gather Downlevel OS Activation State

一种通过底层api和微软官方公钥，实现的数字许可证的生成，完全绕开gatherosstate.exe，不再需要繁琐的释放文件、模拟win7、获取门票再激活，此程序program.cs将模仿gatheroststate生成数字门票，其中原理和api感谢@laomms 提供的思路与二进制文件以供反编译，感谢dnSpy、de4Dot、dotPeek等软件的大力支持

一款用于记录终端软件使用时间的开发套件

ClamAV - Documentation is here: https://docs.clamav.net

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

RetDec is a retargetable machine-code decompiler based on LLVM.

SkySeraph Awesome Soft Tools ~~

A collection of malware samples caught by several honeypots i manage

Parsing of YARA rules into AST and building new rulesets in C++.

Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

Vmware Hardened VM detection mitigation loader (anti anti-vm)

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool

Qiling Advanced Binary Emulation Framework

Open EDR public repository