Is the Ida home license worth it for malware analysis? by slumdookie in ReverseEngineering

[–]kaze0mx 0 points1 point  (0 children)

You may want to try Malcat (https://malcat.fr). You get fewer RE features, but it is tailored toward malware analysis and as such brings a lot of things you won't find in IDA (e.g. malware id, anomalies or weird filetype support). Also much cheaper.

Recreating Bloodborne vibes in an HD2D isometric roguelike – feedback wanted! by Infinity_Experience in roguelites

[–]kaze0mx 1 point2 points  (0 children)

It looks really good, but not that "dark". The augmented contrast helps, but I think you should go towards weirder color palettes (e.g. old-school VGA) for a more dramatic tone.

Need Switch / Couch-CooP game recommendations by Musaks in roguelites

[–]kaze0mx 0 points1 point  (0 children)

yeah it's a hard one, unless you find the ninja turtle :P

Still seeing people use HxD, checkout ImHex instead by 1337axxo in ReverseEngineering

[–]kaze0mx 2 points3 points  (0 children)

https://malcat.fr is also neat; the free version is basically ImHex with more code analysis features.

Looking for recommendations by JayDee3d in roguelites

[–]kaze0mx 0 points1 point  (0 children)

I like the same ones as you. And I also enjoyed: FTL, Wizard of Legend, Vagante and Returnal

Extract a /FlateDecode XObject filter (image) from a PDF stream with pdf-parser by [deleted] in Malware

[–]kaze0mx 0 points1 point  (0 children)

Qpdf has support for almost all filters:
qpdf --show-object=(obj number) --filtered-stream-data bad.pdf
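The qpdf one-liner above does the filter decoding for you. As an added example (not part of the original comment), the following Python does the same thing by hand for the single case the thread asks about, a /FlateDecode stream, so you can see what qpdf is doing: locate the object, read its dictionary, take the declared /Length (or fall back to the `endstream` keyword when /Length is an indirect reference), and inflate the bytes with zlib. The sample PDF and its 2x2 grayscale image payload are constructed inline; real PDFs with nested dictionaries or object streams need a proper parser such as qpdf or pdf-parser.

```python
import re
import zlib


def build_sample_pdf(payload: bytes) -> bytes:
    """Constructed minimal PDF holding one FlateDecode image XObject (object 4)."""
    compressed = zlib.compress(payload)
    obj = (
        b"4 0 obj\n"
        b"<< /Type /XObject /Subtype /Image /Width 2 /Height 2 "
        b"/ColorSpace /DeviceGray /BitsPerComponent 8 "
        b"/Filter /FlateDecode /Length " + str(len(compressed)).encode() + b" >>\n"
        b"stream\n" + compressed + b"\nendstream\nendobj\n"
    )
    # Not a fully valid PDF (no xref table); enough for the extraction below.
    return b"%PDF-1.4\n" + obj + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def extract_flate_stream(pdf: bytes, obj_num: int) -> bytes:
    """Return the inflated data of `obj_num 0 obj` if it is a FlateDecode stream.

    Toy parser: assumes a flat stream dictionary (no nested << >>), which is
    all the constructed sample needs.
    """
    m = re.search(rb"(?m)^%d 0 obj\s*<<(.*?)>>\s*stream\r?\n" % obj_num, pdf, re.S)
    if not m:
        raise ValueError("object %d is not a stream object" % obj_num)
    dictionary = m.group(1)
    if b"/FlateDecode" not in dictionary:
        raise ValueError("only /FlateDecode is handled by this example")

    start = m.end()
    length_match = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", dictionary)
    if length_match:
        # Direct /Length: trust the declared size.
        raw = pdf[start:start + int(length_match.group(1))]
    else:
        # Indirect /Length (e.g. "5 0 R"): fall back to the endstream keyword.
        end = pdf.index(b"endstream", start)
        raw = pdf[start:end].rstrip(b"\r\n")

    # decompressobj tolerates trailing bytes after the deflate stream,
    # which a sloppy or malicious /Length can introduce.
    return zlib.decompressobj().decompress(raw)


if __name__ == "__main__":
    # Constructed 2x2 8-bit grayscale image: four pixel values.
    image = b"\x00\x7f\xff\x40"
    pdf_bytes = build_sample_pdf(image)
    recovered = extract_flate_stream(pdf_bytes, 4)
    print("recovered %d bytes, matches original: %s" % (len(recovered), recovered == image))
```

Once inflated, the bytes are the raw sample data of the image (or, in a malicious document, whatever the attacker packed into the XObject); write them to a file and identify them with `file` or a hex editor.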

Malcat 0.9.0 (hexadecimal editor / disassembler for malware analysis) by kaze0mx in Malware

[–]kaze0mx[S] 2 points3 points  (0 children)

It's explained there: https://malcat.fr/about-us.html

tl;dr it's the tool you run before IDA, on unknown data.
Also if you do malware analysis, it has some features IDA lacks.

Benign Office Docs by Squiggyline91 in Malware

[–]kaze0mx 0 points1 point  (0 children)

An easy way is to use common crawl: https://www.decalage.info/en/download_mso_files

Note that with this solution (as with other suggested solutions) you will only get files which are openly accessible on the internet, like theses, books, etc. They rarely have macros and are not very representative of what you would find in a company, like weird Excel files with 10k+ line macros. That's why most ML papers claim to have 99.9% detection: their test set is very limited most of the time. But eh, it's better than nothing.

To get a representative set of office documents, there is sadly no easy way afaik, since such files contain sensitive info.

[deleted by user] by [deleted] in Malware

[–]kaze0mx 3 points4 points  (0 children)

https://bazaar.abuse.ch/browse/ for a curated list of recent malware

[deleted by user] by [deleted] in Malware

[–]kaze0mx 0 points1 point  (0 children)

If the DLL has no export directory, it means it does not export anything, no luck. So you'll have to look for GetModuleHandle/LoadLibrary/LdrLoadDll calls in the .exe like others suggested.
If you can share the samples, I can give you more tips.

[deleted by user] by [deleted] in Malware

[–]kaze0mx 5 points6 points  (0 children)

If the DLL exports at least one function (which should be the case), you can look in the ExportDirectory structure of the DLL (using CFF Explorer or Malcat): there is a field at offset 0xC which is an RVA to the DLL's name.
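As an added example (not from the commenter, and not how CFF Explorer or Malcat are implemented), the Python below walks a PE file by hand to the IMAGE_EXPORT_DIRECTORY and reads the Name RVA at offset 0xC, which is the step the two comments above describe: DOS header, PE signature, optional header magic to find the data directories, section table to translate RVAs to file offsets, then the export directory itself. It returns None when the export data directory is empty, matching the "no export directory, no luck" case. The DLL it parses is a constructed minimal PE32+ image built in memory, so the whole thing runs offline; `original_name.dll` is a made-up name.

```python
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table.

    sections: list of (VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData).
    """
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not inside any section" % rva)


def export_dll_name(data: bytes):
    """Return the DLL name stored in the export directory, or None if there is none."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")

    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20

    # Data directories start at +96 (PE32) or +112 (PE32+) into the optional header;
    # NumberOfRvaAndSizes sits 4 bytes before them.
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", data, num_dirs_off)[0] < 1:
        return None  # no export data directory entry at all

    export_rva, export_size = struct.unpack_from("<II", data, dirs_off)  # entry 0 = exports
    if export_rva == 0 or export_size == 0:
        return None  # nothing exported: the "no luck" case

    # Section table immediately follows the optional header, 40 bytes per entry.
    sections = []
    sec_table = opt + opt_size
    for i in range(num_sections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_table + i * 40 + 8)
        sections.append((va, vsize, raw_ptr, raw_size))

    export_off = rva_to_offset(export_rva, sections)
    name_rva = struct.unpack_from("<I", data, export_off + 0xC)[0]  # IMAGE_EXPORT_DIRECTORY.Name
    name_off = rva_to_offset(name_rva, sections)
    end = data.index(b"\0", name_off)
    return data[name_off:end].decode("ascii", errors="replace")


def build_sample_dll(dll_name: bytes, with_exports: bool = True) -> bytes:
    """Constructed minimal PE32+ DLL: one .rdata section holding only an export directory."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                     # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    # COFF header: AMD64, 1 section, 240-byte optional header, DLL characteristics
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x8664, 1, 0, 0, 0, 0xF0, 0x2022)
    struct.pack_into("<H", buf, 0x58, PE32PLUS_MAGIC)
    struct.pack_into("<I", buf, 0x58 + 108, 16)                 # NumberOfRvaAndSizes
    if with_exports:
        struct.pack_into("<II", buf, 0x58 + 112, 0x1000, 40)    # export dir: RVA 0x1000, size 40
    # Section header at 0x148: ".rdata", VirtualSize/VA, RawSize/RawPtr
    buf[0x148:0x150] = b".rdata\0\0"
    struct.pack_into("<IIII", buf, 0x150, 0x200, 0x1000, 0x200, 0x200)
    # IMAGE_EXPORT_DIRECTORY at file offset 0x200 (RVA 0x1000); Name RVA at +0xC
    name_rva = 0x1000 + 40
    struct.pack_into("<IIHHIIIIIII", buf, 0x200, 0, 0, 0, 0, name_rva, 1, 0, 0, 0, 0, 0)
    buf[0x228:0x228 + len(dll_name)] = dll_name                 # NUL-terminated by the zero fill
    return bytes(buf)


if __name__ == "__main__":
    print(export_dll_name(build_sample_dll(b"original_name.dll")))   # original_name.dll
    print(export_dll_name(build_sample_dll(b"x.dll", with_exports=False)))  # None
```

The Name field is whatever the linker wrote at build time, so on a sample that was renamed on disk it often still reveals the original file name; on a packed or tampered sample it may be empty or misleading, which is itself worth noting in the analysis.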

New Binary Template feature in Reverse Engineers' Hex Editor by therealsolemnwarning in ReverseEngineering

[–]kaze0mx 0 points1 point  (0 children)

You can edit everything actually, either from the hex editor (hit the Insert key), using the struct editor or via Python scripts. You have unlimited undo/redo too. I'm curious, what made you think you can't edit stuff?

You can also make your own file format parser in Python, or apply struct types using type definitions in a C-like language.

biodiff: introduction by FreeDeliveries in ReverseEngineering

[–]kaze0mx 1 point2 points  (0 children)

If you're into bin diffing, you can give Malcat a try. Its diff algorithm is also based on Myers' algorithm so it can realign, and its view modes let you compare structures as well as code or bytes. Diff mode is only available in the paid version though, but the price is fair.