badhive / alcaLinks
Rule Engine for Dynamic Malware Analysis and Research
☆22Updated 2 months ago
Alternatives and similar repositories for alca
Users that are interested in alca are comparing it to the libraries listed below
Sorting:
- ☆31Updated 3 months ago
- ☆48Updated 2 months ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results.☆37Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆65Updated 2 months ago
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit☆16Updated last month
- ☆25Updated 7 months ago
- "Service-less" driver loading☆155Updated 6 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆77Updated last month
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆70Updated 2 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆112Updated 9 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆125Updated this week
- Report and exploit of CVE-2024-21305.☆36Updated last year
- ☆57Updated last month
- Dynamically invoke arbitrary code and use various tricks written idiomatically in Rust (Dinvoke)☆79Updated this week
- A synergized Visual Studio and Rust development environment☆18Updated 5 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…☆47Updated this week
- ☆90Updated last year
- ☆89Updated 4 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆105Updated 2 years ago
- A few examples of how to trap virtual memory access on Windows.☆31Updated 6 months ago
- ☆30Updated 6 months ago
- ☆24Updated last year
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- LLVM based obfuscation engine☆30Updated this week
- Aplos an extremely simple fuzzer for Windows binaries.☆69Updated 4 months ago
- Finding Truth in the Shadows☆107Updated 2 years ago
- Mentally ill EtwTi parser☆38Updated 2 months ago
- Research-focused hypervisor offering advanced tools for debugging, virtual machine introspection, and automation.☆20Updated last month
- PEIM (UEFI) bootkit targeting OVMF (EDK2)☆35Updated last year
- Callstack spoofing using a VEH because VEH all the things.☆21Updated 3 months ago