badhive / alcaLinks
Rule Engine for Dynamic Malware Analysis and Research
☆25Updated 3 months ago
Alternatives and similar repositories for alca
Users that are interested in alca are comparing it to the libraries listed below
Sorting:
- ☆31Updated 5 months ago
- ☆49Updated 4 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆126Updated last month
- A few examples of how to trap virtual memory access on Windows.☆32Updated 7 months ago
- Intel 64/Windows low-level experiments☆59Updated 3 weeks ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆65Updated 3 months ago
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit☆23Updated 2 months ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆37Updated 2 years ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆83Updated 3 weeks ago
- REcon 2024 Repo, slides for talk "GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev""☆13Updated 4 months ago
- ☆91Updated last year
- Rewrite and obfuscate code in compiled binaries☆208Updated last week
- ☆88Updated 5 months ago
- Report and exploit of CVE-2024-21305.☆36Updated last year
- bypassing intel txt's tboot integrity checks via coreboot shim☆77Updated 4 months ago
- Dynamically invoke arbitrary code and use various tricks written idiomatically in Rust (Dinvoke)☆88Updated last month
- A Payload Analysis Framework☆30Updated last month
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆106Updated 2 years ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆113Updated 10 months ago
- Binary Ninja plugin to deobfuscate strings obfuscated with the Garble project☆33Updated 5 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆117Updated last year
- ☆20Updated 5 months ago
- Finding Truth in the Shadows☆110Updated 2 years ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆78Updated last month
- NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (eithe…☆197Updated 3 weeks ago
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆35Updated last year
- ☆25Updated 9 months ago
- ☆57Updated 3 months ago
- Native Powers Talk demos☆14Updated last year