0xMohammedHassan

Polymorphic PE rewriter for Windows x64, rewrites binaries into semantically identical but byte-different variants

44
4
69% credibility
C++
AI Summary

MorphKatz rewrites Windows x64 executables into semantically equivalent but byte-different variants to test the durability of antivirus signatures and detection rules.

How It Works

1. 🔍 Discover MorphKatz

You hear about a clever tool called MorphKatz that helps security testers check whether antivirus rules are strong by changing how a program looks without altering what it does.

2. 📥 Get MorphKatz ready

You download and prepare the tool on your Windows computer, following simple steps to make it work.

3. 🎯 Choose your test program

Pick a Windows program or code snippet you want to test against antivirus detection.

4. 🐱 Morph it!

Run MorphKatz on your program – it creates a new version that looks totally different but works exactly the same, like a cat with many faces but one heart.

5. 🛡️ Test against antivirus

Scan the new version with antivirus tools to see if they still spot it.

Success!

Your tests show which detections hold up, helping you build stronger security or understand weaknesses – all safely and reproducibly.

AI-Generated Review

What is MorphKatz?

MorphKatz is a C++ polymorphic engine that rewrites Windows x64 PE binaries and shellcode into semantically identical but byte-different variants. It mutates machine code—swapping equivalents like XOR to SUB—while preserving flags, control flow, and runtime behavior, breaking static detectors like YARA rules or Defender signatures. Users get reproducible outputs via `--seed`, JSON/HTML diff reports, and options like `--target yara/*.yar` or `--target-defender`.

Why is it gaining traction?

Unlike black-box polymorphic crypters or polymorphic virus tools, MorphKatz offers auditable YAML rules cited from Intel manuals, seeded RNG for reproducibility, and Defender bisection to prioritize signature-breaking rewrites. Data-section morphing XORs constants at rest with runtime stubs, and verification (re-disasm or Unicorn emulation) ensures no regressions. Single static binary compiles easily with vcpkg, no runtime deps.

Who should use this?

Blue-team detection engineers stress-testing YARA/Elastic/Sigma rules against polymorphic malware samples from GitHub via `--variants 50`. Red teams crafting byte-different binaries for ROE-compliant evasion on Windows pentests. Analysts generating polymorphic shellcode variants for ML classifier training.

Verdict

Worth trying for Windows x64 polymorphic rewriting: practical CLI, excellent docs, and dual-use workflows shine. With 44 stars and 0.70% credibility, it's pre-1.0 but stable; compile from source, audit rules, and integrate into your GitHub polymorphic engine pipeline.
