hasherezade / antianalysis_demosLinks
Set of antianalysis techniques found in malware
☆132Updated last year
Alternatives and similar repositories for antianalysis_demos
Users that are interested in antianalysis_demos are comparing it to the libraries listed below
Sorting:
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- ☆110Updated 4 years ago
- Windows Kernel Programming☆129Updated 5 years ago
- Yet another windows internals repo☆207Updated 3 years ago
- ☆161Updated 3 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆205Updated 2 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆178Updated last month
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆219Updated 5 years ago
- Advanced driver monitoring utility.☆210Updated 2 years ago
- A more stealthy variant of "DLL hollowing"☆347Updated last year
- APC Internals Research Code☆166Updated 4 years ago
- Process Hollowing for 32 bit and 64 bit☆79Updated 7 years ago
- Simple windows API logger☆104Updated 5 years ago
- An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.☆139Updated 2 years ago
- Recon 2015 Presentation from Alex Ionescu☆239Updated 9 years ago
- Simple 32/64-bit PEs loader.☆138Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects☆287Updated 5 years ago
- MalUnpack companion driver☆98Updated 11 months ago
- a PE Loader and Windows API tracer. Useful in malware analysis.☆139Updated 2 years ago
- Write-ups for FireEye's FLARE-On challenges☆25Updated 5 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆88Updated 3 years ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆235Updated 5 years ago
- This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially docum…☆205Updated 3 months ago
- BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)☆125Updated 3 years ago
- Driver Initial Reconnaissance Tool☆123Updated 5 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆84Updated 4 years ago
- Simple project using syscalls (via Syswhispers2) to execute MessageBox shellcode.☆75Updated 3 years ago
- ☆106Updated 6 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆121Updated 5 years ago
- Hyper-V Research is trendy now☆180Updated last year