Name: K2
Type: User
Company: # Despite my day job thoughts and opinions are my own, I hope that's the only thing I _HAVE_ to say ;)
Bio: K2/ktwo/Shane Ruled by chaotic energy, I'm always under test, full sender, progressive, world collider, ENTP. Security tested billions of lines :D
Twitter: ktwo_K2
Location: New York, NY
Blog: https://www.ktwo.ca
K2's Projects
Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus / malware scanners included).
A curated list of awesome forensic analysis tools and resources
A curated list of tools for incident response
A curated list of awesome malware analysis tools and resources
Official Black Hat Arsenal Security Tools Repository
C# 64 bit binding for capstone
CoreCLR 64bit Capstone bindings
Roaring bitmaps in C (and C++)
ATrace is a tool for tracing execution of binaries on Windows.
Cloud-native high-performance edge/middle/service proxy
fork from http://hashlib.codeplex.com
A Kestrel app server provides a just in time JitHash white list. The client is in PowerShell and can be used to test remote system memory for unknown code. Rendered docs are here https://K2.github.io/HashServer/
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques
Musings from a life in Security.
Public projects I'm able to release as open source projects
Compiler exploits and exploitable non-obvious source code back doors.
:rocket: Build and manage real-life data science projects with ease!
OSS-Fuzz - continuous fuzzing for open source software.
The PHP Interpreter
Transform dumped executable memory back into an identical match from disk. Use network or local database to de-locate relocated binaries and ensure a cryptographically secure hash match for code running on your legacy systems. A client tool that downloads relocation data for various PE files. This ensures when extracting data from memory dumps that you can match memory to disk files precisely.
PS / Bash / Python / Other scripts For FUN!
A collection of tools, libraries, and tests for Vulkan shader compilation.
The getting started sample demonstrates how to perform common tasks using the Azure Blob Service in .NET including uploading a blob, CRUD operations, listing, as well as blob snapshot creation.
syzkaller is an unsupervised coverage-guided kernel fuzzer
WebAssembly Virtual Machine
forked