csvl / SEMA
SEMA is based on angr, a symbolic execution engine used to extract API calls. In particular, we extend angr with strategies to create representative signatures based on System Call Dependency Graphs (SCDGs). Those SCDGs can be used in machine learning modules for classification and detection.
☆111 Updated 2 weeks ago
Alternatives and similar repositories for SEMA:
Users who are interested in SEMA are comparing it to the libraries listed below.
- Code for the paper "EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis" ☆28 Updated last year
- The MinHash-based Code Relationship & Investigation Toolkit (MCRIT) is a framework created to simplify the application of the MinHash alg… ☆91 Updated 2 weeks ago
- ☆67 Updated 2 years ago
- This repository contains dynamic and static tools for IoT malware analysis ☆21 Updated 2 years ago
- Get information about stripped rust executables ☆26 Updated last week
- ☆14 Updated 2 years ago
- Dataset of packed PE samples ☆33 Updated 8 months ago
- Robust Automated Malware Unpacker ☆84 Updated last year
- A tool that automates regex generation for the x86 and x86-64 instruction sets ☆70 Updated 11 months ago
- Practical Data-Only Attack Generation ☆38 Updated 9 months ago
- A collection of ready-to-use library code and symbols for the MinHash-based Code Relationship & Investigation Toolkit (MCRIT) ☆11 Updated 10 months ago
- UnpacMe IDA Byte Search ☆28 Updated last year
- Blogpost about optimizing binary-only fuzzing with AFL++ ☆64 Updated last year
- PASTIS: Collaborative Fuzzing Framework ☆162 Updated 7 months ago
- ☆101 Updated 2 years ago
- Dynamic-Static binary instrumentation framework on top of GDB ☆51 Updated last year
- ☆15 Updated last year
- A command line tool for extracting machine learning ready data from software binaries powered by Radare2 ☆62 Updated 3 weeks ago
- Hardening code obfuscation against automated attacks ☆131 Updated last year
- Leveraging patch diffing to discover new vulnerabilities ☆113 Updated 5 months ago
- ☆24 Updated 2 years ago
- The malsource dataset ☆10 Updated 3 years ago
- Effects of packers on machine-learning-based malware classifiers that use only static analysis ☆85 Updated 9 months ago
- A tool for firmware cartography ☆146 Updated 3 months ago
- IDA Pro plugin for recognizing known hashes of API function names ☆81 Updated 2 years ago
- ☆58 Updated 3 years ago
- ☆31 Updated 2 years ago
- Writeups for CTF challenges ☆30 Updated last year
- MEGR-APT: A Memory-Efficient APT Hunting System Based on Attack Representation Learning ☆39 Updated last month
- A Unit-Based Symbolic Execution Method for Detecting Heap Overflow Vulnerability in Executable Codes ☆22 Updated 2 years ago