badhive / alca
Rule Engine for Dynamic Malware Analysis and Research
☆15Updated last week
Alternatives and similar repositories for alca:
Users that are interested in alca are comparing it to the libraries listed below
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆34Updated last year
- PDB Rewriting Rust Library☆23Updated 11 months ago
- docker-compose to deploy CTFd w/ ghidragolf configurations☆12Updated 2 years ago
- ☆15Updated last year
- ☆25Updated 4 months ago
- ☆29Updated last month
- Custom instruction length for hex-rays☆18Updated 2 months ago
- Extract data of TTD trace file to a minidump☆28Updated last year
- An example of how to use Microsoft Windows Warbird technology☆27Updated last year
- ☆29Updated 3 years ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆33Updated last year
- A post-processing script for TinyTracer☆38Updated 2 years ago
- A VMWare logger using built-in backdoor.☆27Updated 5 months ago
- A minimalistic logger for Windows Kernel Drivers.☆20Updated last year
- ☆17Updated last month
- ☆14Updated 3 years ago
- FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval.☆19Updated 5 months ago
- A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.☆33Updated last month
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆34Updated 3 years ago
- Lightweight Threat Detection System - (Base)☆14Updated 11 months ago
- Neutralize KEPServerEX anti-debugging techniques☆31Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Currently proof-of-concept☆16Updated 3 years ago
- ☆31Updated 2 years ago
- Process Injection without R/W target memory and without creating a remote thread☆18Updated 3 years ago
- Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures☆33Updated 6 months ago
- RenameLocalVars is an IDA plugin that renames local variables to something easier to read.☆15Updated last year
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆59Updated 7 months ago
- A few examples of how to trap virtual memory access on Windows.☆28Updated 3 months ago
- Windows kernel PDB data parsed into YAML☆36Updated 4 months ago