csvl / SEMA
SEMA is based on angr, a symbolic execution engine used to extract API calls. In particular, we extend angr with strategies to create representative signatures based on the System Call Dependency Graph (SCDG). Those SCDGs can be used in machine learning modules for classification and detection.
☆116 Updated 7 months ago
Alternatives and similar repositories for SEMA
Users that are interested in SEMA are comparing it to the libraries listed below
- ☆83 Updated 2 months ago
- ☆109 Updated 2 years ago
- The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash alg… ☆94 Updated last week
- Dynamic-Static binary instrumentation framework on top of GDB ☆50 Updated 2 years ago
- FLARE Team's Binary Navigator ☆288 Updated last week
- ☆16 Updated last year
- PowerShell script deobfuscation using AST in Python ☆72 Updated last month
- A headless, extendable, multi-session, IDA Pro MCP framework. ☆74 Updated 3 weeks ago
- A tool that automates regex generation for the x86 and x86-64 instruction sets ☆71 Updated last year
- A tool for firmware cartography ☆160 Updated 4 months ago
- Writeups for CTF challenges ☆32 Updated last year
- Slides, recordings and materials of my public presentations, talks and workshops. ☆78 Updated 4 months ago
- How to retro theme your Ghidra ☆35 Updated last week
- ☆74 Updated last year
- IDA Pro plugin for recognizing known hashes of API function names ☆81 Updated 3 years ago
- Leveraging patch diffing to discover new vulnerabilities ☆136 Updated last year
- ☆58 Updated 3 months ago
- Leveraging CVEs as North Stars in vulnerability discovery and comprehension. ☆69 Updated last year
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin… ☆45 Updated 2 years ago
- CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- p… ☆134 Updated last month
- Get information about stripped Rust executables ☆36 Updated 5 months ago
- Native Python3 bindings for @horsicq's Detect-It-Easy ☆75 Updated 5 months ago
- IDA Pro plugin to aid with the analysis of native IIS modules ☆19 Updated last year
- ☆32 Updated 2 years ago
- ☆24 Updated 11 months ago
- Static Binary Instrumentation tool for Windows x64 executables ☆207 Updated 3 weeks ago
- Tools developed by the Zscaler ThreatLabz Threat Intelligence team ☆86 Updated last month
- Hardening code obfuscation against automated attacks ☆142 Updated last year
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis. ☆118 Updated 2 years ago
- The malsource dataset ☆11 Updated 4 years ago