badhive / alca
Rule Engine for Dynamic Malware Analysis and Research
☆23 Updated last month
Alternatives and similar repositories for alca
Users that are interested in alca are comparing it to the libraries listed below
- ☆30 Updated 3 months ago
- ☆46 Updated 2 months ago
- This x64dbg plugin allows you to upload your sample to Malcore and view the results. ☆37 Updated last year
- All LLVM binaries scrambled with SigBreaker and used to test against llvm-lit ☆16 Updated 3 weeks ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. ☆63 Updated last month
- ☆25 Updated 7 months ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆105 Updated 2 years ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook… ☆43 Updated this week
- An improved version of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆65 Updated 2 months ago
- Finding Truth in the Shadows ☆92 Updated 2 years ago
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆115 Updated 10 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆110 Updated 8 months ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process ☆79 Updated 2 years ago
- A set of LLVM and GCC based plugins that perform code obfuscation. ☆123 Updated 2 weeks ago
- A few examples of how to trap virtual memory access on Windows. ☆30 Updated 5 months ago
- ☆55 Updated last month
- ☆71 Updated 2 years ago
- PEIM (UEFI) bootkit targeting OVMF (EDK2) ☆35 Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio… ☆76 Updated last month
- Research-focused hypervisor offering advanced tools for debugging, virtual machine introspection, and automation. ☆20 Updated 3 weeks ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into YARA rules ☆77 Updated this week
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets ☆30 Updated 9 months ago
- "Service-less" driver loading ☆155 Updated 6 months ago
- Plugin interface for remote communications with Binary Ninja database and MCP server for interfacing with LLMs. ☆32 Updated 2 weeks ago
- Dynamically invoke arbitrary code and use various tricks written idiomatically in Rust (Dinvoke) ☆77 Updated this week
- Hollowise is a tool that implements process hollowing and PPID (Parent Process ID) spoofing techniques for masking a legitimate analysis … ☆36 Updated 3 months ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating ☆40 Updated 6 months ago
- A VMWare logger using built-in backdoor. ☆29 Updated 7 months ago
- Report and exploit of CVE-2024-21305. ☆34 Updated last year
- Callstack spoofing using a VEH because VEH all the things. ☆21 Updated 2 months ago