Automatically Preventing Code Injection Attacks on Node.js

by ex-Facebookers, for ex-Facebookers - a lookup table of similar tech & services

Dynamic analysis framework for JavaScript

Performant taint analysis for Node.js

Browser extension that automatically fills out cookie popups based on your preferences

Coverage-guided, in-process fuzzing for Node.js

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser!

Foundational Cryptography Framework for machine-checked proofs of cryptography.

HACL*, a formally verified cryptographic library written in F*

CertiCrypt Coq Framework

Boogie

A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositories.

Ghidra Wasm plugin with disassembly and decompilation support

weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.

Yet Another Ghidra Integration for IDA

Cross Architecture Shellcode in C

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-m…

Winnie makes fuzzing Windows applications easy

A series of posts about QEMU internals:

WinDbg script to spoof origin and url of a renderer process in Chrome

No Sandbox - Applications That Run Chromium and Chrome Without The Sandbox. TL;DR exploits in these browser based applications are already sandboxed escaped: https://no-sandbox.io/

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Distributed malware processing framework based on Python, Redis and S3.

Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android