season-lab / bluepill
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
☆122Updated 3 years ago
Alternatives and similar repositories for bluepill:
Users that are interested in bluepill are comparing it to the libraries listed below
- Parsers for custom malware formats ("Funky malware formats")☆93Updated 3 years ago
- IDA python plugin to scan binary with Yara rules☆173Updated last year
- Robust Automated Malware Unpacker☆84Updated last year
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆222Updated 4 years ago
- Analyses in IDA/Hex-Rays☆80Updated last year
- ☆224Updated 2 years ago
- An IDA Pro extension for easier (malware) reverse engineering☆111Updated 2 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆76Updated 8 months ago
- Hyper-V Research is trendy now☆177Updated 10 months ago
- Static unpacker for FinSpy VM☆99Updated 3 years ago
- ☆105Updated 5 years ago
- Control-flow-flattening and string deobfuscator☆149Updated 3 years ago
- Hyper-V scripts☆115Updated last year
- Set of antianalysis techniques found in malware☆129Updated last year
- idamagnum is a plugin for integrating MagnumDB requests within IDA☆127Updated 4 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆202Updated 2 years ago
- SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.☆230Updated 2 weeks ago
- VT-based PCI device monitor (SPI)☆150Updated 4 years ago
- Simple windows API logger☆100Updated 5 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆209Updated 5 years ago
- A Windows kernel dump C++ parser library with Python 3 bindings.☆197Updated 7 months ago
- Learn the fundamentals of Binary Auditing. Know how HLL mapping works, get more inner file understanding than ever.☆79Updated 4 years ago
- Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code☆181Updated 4 years ago
- Yet another windows internals repo☆204Updated 3 years ago
- Research on Windows Kernel Executive Callback Objects☆284Updated 5 years ago
- ☆102Updated 3 years ago
- An IDA Plugin that help analyzing module that use COM☆204Updated last year
- A collection of my IDA plugins☆131Updated 4 years ago
- Toy scripts for playing with WinDbg JS API☆223Updated 8 months ago
- Bindings for Microsoft WinDBG TTD☆216Updated last year