season-lab / bluepill
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
☆128 · Dec 22, 2021 · Updated 4 years ago
Alternatives and similar repositories for bluepill
Users interested in bluepill are comparing it to the repositories listed below.
- Library to hide DBI artifacts when using Intel Pin. Code from the ASIA CCS 2019 paper "SoK: Using Dynamic Binary Instrumentation for Secu… ☆24 · Nov 12, 2019 · Updated 6 years ago
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC) ☆24 · Dec 8, 2021 · Updated 4 years ago
- Collection of DBI evasion techniques ☆16 · Jan 25, 2022 · Updated 4 years ago
- This is the home of the raindrop obfuscator. It transforms program functions into obfuscated ROP chains that coexist seamlessly with the … ☆64 · Aug 11, 2021 · Updated 4 years ago
- Slides and other materials from the meetings held during 2018 ☆13 · Jan 18, 2022 · Updated 4 years ago
- A framework for static analysis of ROP exploits and programs ☆40 · May 13, 2019 · Updated 6 years ago
- WhiteRabbitTracker: Analyzing malware evasions with information flow tracking ☆18 · Jul 25, 2021 · Updated 4 years ago
- Group coding repository of PltCov, a tool to instrument ELF binaries for fuzzing with ngram coverage of imported APIs ☆12 · Jan 18, 2022 · Updated 4 years ago
- Scripts targeting specific families ☆13 · Jul 3, 2017 · Updated 8 years ago
- This is a simple driver with x64 inline assembly ☆57 · Jun 26, 2020 · Updated 5 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment ☆124 · Sep 9, 2020 · Updated 5 years ago
- Binee: binary emulation environment ☆529 · Feb 25, 2023 · Updated 2 years ago
- VMI-Unpack - A Virtual Machine Introspection (VMI) based generic unpacker. ☆57 · Jan 16, 2020 · Updated 6 years ago
- makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore] ☆742 · Mar 17, 2019 · Updated 6 years ago
- Slides and other materials from the meetings held during 2019 ☆33 · Jan 18, 2022 · Updated 4 years ago
- C++ application that uses memory and code hooks to detect packers ☆274 · Mar 5, 2018 · Updated 7 years ago
- IDA plugin for software complexity metrics assessment ☆60 · Jan 4, 2018 · Updated 8 years ago
- A Pin Tool for tracing API calls etc ☆1,616 · Feb 8, 2026 · Updated last week
- Slides and other materials from the meetings held during 2020. ☆16 · Jan 18, 2022 · Updated 4 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution… ☆221 · Jul 10, 2022 · Updated 3 years ago
- Hyper-V Research is trendy now ☆197 · May 6, 2024 · Updated last year
- Cryptographic Dataset Generation & Modelling Framework ☆41 · Apr 8, 2020 · Updated 5 years ago
- Code and artifacts of the "Dissecting American Fuzzy Lop - A FuzzBench Evaluation" paper ☆13 · Oct 3, 2022 · Updated 3 years ago
- DRAKVUF Black-box Binary Analysis ☆1,207 · Feb 1, 2026 · Updated 2 weeks ago
- Virtual Machine Introspection, Tracing & Debugging ☆595 · Feb 22, 2022 · Updated 3 years ago
- Various snippets created during malware analysis ☆22 · Apr 29, 2018 · Updated 7 years ago
- Malware Behavior Analyzer ☆158 · Jun 1, 2017 · Updated 8 years ago
- This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks ☆33 · Mar 2, 2017 · Updated 8 years ago
- Malware Fragmentation Tool: a tool that simply fragments a PE file and can also disassemble it, etc.; this tool is very useful for… ☆37 · Nov 22, 2015 · Updated 10 years ago
- Various snippets created during malware analysis ☆465 · Oct 3, 2025 · Updated 4 months ago
- An OS-level container which virtualizes Windows' file system, registry, kernel, and network communication. ☆104 · Apr 9, 2015 · Updated 10 years ago
- A hypervisor for fuzzing built with WHVP and Bochs ☆380 · Feb 5, 2019 · Updated 7 years ago
- AMD SVM hypervisor rootkit proof of concept ☆48 · Sep 23, 2023 · Updated 2 years ago
- Windows kernel and user mode emulation. ☆1,841 · Feb 4, 2026 · Updated last week
- A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research ☆468 · Apr 10, 2023 · Updated 2 years ago
- An experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite ☆131 · Feb 13, 2022 · Updated 4 years ago
- Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deo… ☆881 · Nov 21, 2023 · Updated 2 years ago
- DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the D… ☆836 · Nov 19, 2024 · Updated last year
- Drltrace is a library calls tracer for Windows and Linux applications. ☆415 · Aug 16, 2020 · Updated 5 years ago