season-lab / bluepillLinks
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
☆125Updated 3 years ago
Alternatives and similar repositories for bluepill
Users that are interested in bluepill are comparing it to the libraries listed below
Sorting:
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆230Updated 5 years ago
- ☆106Updated 6 years ago
- Analyses in IDA/Hex-Rays☆84Updated 2 years ago
- Hyper-V Research is trendy now☆182Updated last year
- Static unpacker for FinSpy VM☆102Updated 4 years ago
- Set of antianalysis techniques found in malware☆131Updated 2 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆75Updated last year
- A Windows kernel dump C++ parser library with Python 3 bindings.☆204Updated last year
- Robust Automated Malware Unpacker☆85Updated 2 years ago
- IDA python plugin to scan binary with Yara rules☆177Updated last year
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- This is a place to share my miscellaneous projects.☆114Updated 5 years ago
- An IDA Pro extension for easier (malware) reverse engineering☆115Updated 3 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆213Updated 3 years ago
- ☆21Updated 3 months ago
- Windows Kernel Programming☆130Updated 5 years ago
- Hyper-V scripts☆128Updated 3 weeks ago
- VT-based PCI device monitor (SPI)☆153Updated 4 years ago
- VMI-Unpack - A Virtual Machine Introspection (VMI) based generic unpacker.☆56Updated 5 years ago
- Toy scripts for playing with WinDbg JS API☆236Updated last year
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆231Updated 5 years ago
- Elevation of privilege detector based on HyperPlatform☆122Updated 8 years ago
- ☆66Updated 6 years ago
- A branch-monitor-based solution for process monitoring.☆133Updated 5 years ago
- Automatically rebuild Import Address Table for dumped PE file. With python bindings!☆120Updated 6 years ago
- Sample project for kernel debugging automation with Vagrant☆61Updated 5 years ago
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)☆24Updated 3 years ago
- Python bindings for the Microsoft Hypervisor Platform APIs.☆79Updated 6 years ago
- IntroVirt is an guest introspection library for KVM☆55Updated 11 months ago
- ☆107Updated 4 years ago