csvl / SEMA
SEMA is built on angr, a symbolic execution engine, which it uses to extract API calls. In particular, it extends angr with strategies that build representative signatures in the form of System Call Dependency Graphs (SCDGs). These SCDGs can then be fed to machine learning modules for classification and detection.
☆107 · Updated 2 months ago
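To make the SCDG idea concrete, here is an added example (my own illustration, not SEMA's code) that builds a small dependency graph from an API-call trace and turns it into a value-independent signature. The trace format, the three sample traces and the dependency rule (an argument of a later call equals an argument or return value of an earlier one, ignoring trivial integers) are all my assumptions; SEMA derives its graphs from angr's symbolic state rather than from a concrete trace like this.

```python
"""Build a System Call Dependency Graph (SCDG) from an API-call trace and
derive a signature that abstracts away concrete handles, pointers and strings.
Illustrative code only; not SEMA's implementation."""
from itertools import combinations

# Constructed sample traces (hypothetical, not real sandbox or SEMA output).
# Each entry is (api name, argument values, return value).
MALWARE_TRACE = [
    ("CreateFileW", ("C:\\Users\\x\\doc.txt", 0x80000000), 0x1C),
    ("ReadFile", (0x1C, 0x40000, 4096), 1),
    ("CloseHandle", (0x1C,), 1),
    ("InternetOpenW", ("Mozilla/5.0",), 0x2A),
    ("InternetConnectW", (0x2A, "203.0.113.5", 80), 0x2B),
    ("HttpSendRequestW", (0x2B, 0x0, 0x40000, 0x200), 1),  # exfiltrates the read buffer
]

# Same behaviour, different concrete values (handles, buffer, path, server).
MALWARE_VARIANT = [
    ("CreateFileW", ("C:\\ProgramData\\cfg.bin", 0x80000000), 0x3C),
    ("ReadFile", (0x3C, 0x7F000, 4096), 1),
    ("CloseHandle", (0x3C,), 1),
    ("InternetOpenW", ("curl/8.0",), 0x41),
    ("InternetConnectW", (0x41, "198.51.100.7", 443), 0x50),
    ("HttpSendRequestW", (0x50, 0x0, 0x7F000, 0x200), 1),
]

# Benign program: reads a file and never touches the network.
BENIGN_TRACE = MALWARE_TRACE[:3]

# Assumed heuristic: small flag/status integers do not carry a dependency.
# A symbolic engine would instead track which values are derived from which.
TRIVIAL_INTS = {0, 1}


def _is_flow_value(value):
    """True for values that can link two calls (strings, handles, pointers)."""
    if isinstance(value, str):
        return True
    return isinstance(value, int) and value not in TRIVIAL_INTS


def _produces(call):
    """Values an earlier call exposes to later ones: its arguments and return."""
    name, args, ret = call
    vals = {a for a in args if _is_flow_value(a)}
    if _is_flow_value(ret):
        vals.add(ret)
    return vals


def _consumes(call):
    """Values a later call takes in: only its arguments can depend on the past."""
    name, args, ret = call
    return {a for a in args if _is_flow_value(a)}


def build_scdg(trace):
    """Return (nodes, edges). Nodes are (index, api); edges map (i, j) with
    i < j to the set of concrete values shared between call i and call j."""
    nodes = [(i, call[0]) for i, call in enumerate(trace)]
    edges = {}
    for i, j in combinations(range(len(trace)), 2):  # forward dependencies only
        shared = _produces(trace[i]) & _consumes(trace[j])
        if shared:
            edges[(i, j)] = shared
    return nodes, edges


def signature(trace):
    """Abstract the SCDG to API-name edges so two runs with different handles,
    paths or servers yield the same signature."""
    _, edges = build_scdg(trace)
    return frozenset(f"{trace[i][0]}->{trace[j][0]}" for (i, j) in edges)


def jaccard(sig_a, sig_b):
    """Edge-set similarity in [0, 1]; a crude stand-in for an ML classifier."""
    union = sig_a | sig_b
    return len(sig_a & sig_b) / len(union) if union else 1.0


if __name__ == "__main__":
    for edge in sorted(signature(MALWARE_TRACE)):
        print(edge)
    print("variant matches:", signature(MALWARE_TRACE) == signature(MALWARE_VARIANT))
    print("benign similarity:", jaccard(signature(MALWARE_TRACE), signature(BENIGN_TRACE)))
```

The interesting edge is `ReadFile->HttpSendRequestW`: the buffer filled by the read is the one handed to the send, which is the file-exfiltration pattern the individual API names alone do not reveal. The two malware traces share no concrete values yet produce identical signatures, while the benign trace only overlaps on the file-handling half of the graph.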
Alternatives and similar repositories for SEMA:
Users interested in SEMA are comparing it to the repositories listed below.
- Code for the paper "EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis" · ☆28 · Updated last year
- The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash alg… · ☆88 · Updated 7 months ago
- Dynamic-Static binary instrumentation framework on top of GDB · ☆51 · Updated last year
- ☆65 · Updated 2 years ago
- ☆14 · Updated 2 years ago
- Robust Automated Malware Unpacker · ☆84 · Updated last year
- Get information about stripped Rust executables · ☆25 · Updated last month
- Malware Muncher is a proof-of-concept Python script that utilizes the Frida framework for binary instrumentation and API hooking, enablin… · ☆43 · Updated last year
- PowerShell script deobfuscation using AST in Python · ☆65 · Updated last year
- A tool that automates regex generation for the x86 and x86-64 instruction sets · ☆68 · Updated 9 months ago
- UnpacMe IDA Byte Search · ☆27 · Updated last year
- A Unit-Based Symbolic Execution Method for Detecting Heap Overflow Vulnerability in Executable Codes · ☆22 · Updated 2 years ago
- Dataset of packed PE samples · ☆32 · Updated 7 months ago
- Writeups for CTF challenges · ☆30 · Updated last year
- ☆15 · Updated last year
- The malsource dataset · ☆10 · Updated 3 years ago
- Blog post about optimizing binary-only fuzzing with AFL++ · ☆63 · Updated last year
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! · ☆82 · Updated last year
- Use YARA rules on Time Travel Debugging traces · ☆89 · Updated last year
- How to retro-theme your Ghidra · ☆34 · Updated 3 months ago
- This repository contains dynamic and static tools for IoT malware analysis · ☆20 · Updated 2 years ago
- A tool for firmware cartography · ☆146 · Updated last month
- Scaling best-practice AFLPlusPlus fuzzing campaigns made easy and more · ☆56 · Updated 2 months ago
- IDA Pro plugin to aid with the analysis of native IIS modules · ☆17 · Updated 6 months ago
- Cross-Architecture Function Similarity Search Model - https://arxiv.org/abs/2310.03605 · ☆12 · Updated last year
- A Binary Ninja plugin that uses bruteforced XFG hashes to recover precise function prototypes · ☆15 · Updated last year
- ☆21 · Updated last year
- A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, XWorm, Xeno … · ☆39 · Updated this week
- FLARE Team's Binary Navigator · ☆218 · Updated 3 weeks ago
- Slides, recordings and materials of my public presentations, talks and workshops. · ☆75 · Updated 4 months ago