season-lab / bluepillLinks
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
☆125Updated 3 years ago
Alternatives and similar repositories for bluepill
Users that are interested in bluepill are comparing it to the libraries listed below
Sorting:
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆229Updated 5 years ago
- Hyper-V Research is trendy now☆182Updated last year
- Static unpacker for FinSpy VM☆101Updated 4 years ago
- IDA python plugin to scan binary with Yara rules☆177Updated last year
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- Analyses in IDA/Hex-Rays☆84Updated 2 years ago
- Hyper-V scripts☆126Updated last week
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆75Updated last year
- Robust Automated Malware Unpacker☆85Updated 2 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆213Updated 3 years ago
- An IDA Pro extension for easier (malware) reverse engineering☆115Updated 3 years ago
- ☆106Updated 6 years ago
- Set of antianalysis techniques found in malware☆132Updated last year
- Automatically rebuild Import Address Table for dumped PE file. With python bindings!☆120Updated 6 years ago
- ☆105Updated 4 years ago
- VMI-Unpack - A Virtual Machine Introspection (VMI) based generic unpacker.☆56Updated 5 years ago
- ☆21Updated 2 months ago
- This is a place to share my miscellaneous projects.☆114Updated 5 years ago
- Elevation of privilege detector based on HyperPlatform☆122Updated 8 years ago
- Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code☆184Updated 4 years ago
- A Windows kernel dump C++ parser library with Python 3 bindings.☆203Updated last year
- Windows Kernel Programming☆130Updated 5 years ago
- Toy scripts for playing with WinDbg JS API☆235Updated last year
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)☆24Updated 3 years ago
- Notes on using the Python bindings for the Unicorn Engine☆78Updated 5 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆42Updated 5 years ago
- ☆72Updated 4 years ago
- Hypervisor based tool for monitoring system register accesses.☆148Updated 6 years ago
- Python bindings for the Microsoft Hypervisor Platform APIs.☆79Updated 6 years ago
- A project that aims to automatically devirtualize code that has been virtualized using x86virt☆126Updated 2 years ago