badhive / alca
Rule Engine for Dynamic Malware Analysis and Research
☆23Updated this week
Alternatives and similar repositories for alca:
Users that are interested in alca are comparing it to the libraries listed below
- ☆29Updated last month
- ☆41Updated 3 weeks ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆33Updated last year
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆59Updated 3 weeks ago
- ☆25Updated 5 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆99Updated last year
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit☆11Updated this week
- ☆23Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…☆116Updated 9 months ago
- Report and exploit of CVE-2024-21305.☆34Updated last year
- A few examples of how to trap virtual memory access on Windows.☆29Updated 4 months ago
- A journal for $6,000 Riot Vanguard bounty.☆63Updated last year
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆40Updated 5 months ago
- ☆31Updated 2 years ago
- "Service-less" driver loading☆152Updated 4 months ago
- ☆99Updated last week
- Plugin interface for remote communications with Binary Ninja database and MCP server for interfacing with LLMs.☆30Updated last week
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆109Updated 7 months ago
- OffensiveCon 2024 Repo, contains PoCs and materials for talk "UEFI and the Task of the Translator"☆42Updated 10 months ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆56Updated this week
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆76Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆65Updated 5 months ago
- Aplos an extremely simple fuzzer for Windows binaries.☆68Updated 2 months ago
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆34Updated last year
- In-memory hiding technique☆48Updated 3 months ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- A set of LLVM and GCC based plugins that perform code obfuscation.☆123Updated last month
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- LPE exploit for CVE-2023-36802☆22Updated last year