A True Instrumentable Binary Emulation Framework

Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)

Standard collection of rules for capa: the tool for enumerating the capabilities of programs

The FLARE team's open-source tool to identify capabilities in executable files.

Ghidra is a software reverse engineering (SRE) framework

RetDec is a retargetable machine-code decompiler based on LLVM.

Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.

Zstandard - Fast real-time compression algorithm

Windows kernel and user mode emulation.

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

IDA Pro utilities from FLARE team

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Pure Python parser and analyzer for IDA Pro database files (.idb).

Forensic artifact extraction from squid proxy cache and secondary log sources

JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.

Builds malware analysis Windows VMs so that you don't have to.

FakeNet-NG - Next Generation Dynamic Network Analysis Tool

Repeatable, reboot resilient windows environment installations made easy using Chocolatey packages

flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.

rVMI - A New Paradigm For Full System Analysis

QEMU with rVMI extensions