season-lab / bluepillLinks
BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
☆127Updated 3 years ago
Alternatives and similar repositories for bluepill
Users that are interested in bluepill are comparing it to the libraries listed below
Sorting:
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆229Updated 5 years ago
- Hyper-V Research is trendy now☆186Updated last year
- Robust Automated Malware Unpacker☆85Updated 2 years ago
- Static unpacker for FinSpy VM☆102Updated 4 years ago
- Parsers for custom malware formats ("Funky malware formats")☆97Updated 3 years ago
- ☆106Updated 6 years ago
- An IDA Pro extension for easier (malware) reverse engineering☆114Updated 3 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆74Updated last year
- Hyper-V scripts☆130Updated last month
- Set of antianalysis techniques found in malware☆131Updated 2 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆216Updated 3 years ago
- IDA python plugin to scan binary with Yara rules☆178Updated last year
- This is a place to share my miscellaneous projects.☆114Updated 5 years ago
- Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code☆184Updated 4 years ago
- Analyses in IDA/Hex-Rays☆84Updated 2 years ago
- ☆21Updated 4 months ago
- VMI-Unpack - A Virtual Machine Introspection (VMI) based generic unpacker.☆57Updated 5 years ago
- Windows Kernel Programming☆131Updated 5 years ago
- A Windows kernel dump C++ parser library with Python 3 bindings.☆208Updated last year
- Automatically rebuild Import Address Table for dumped PE file. With python bindings!☆121Updated 6 years ago
- ☆109Updated 4 years ago
- Elevation of privilege detector based on HyperPlatform☆122Updated 8 years ago
- VT-based PCI device monitor (SPI)☆154Updated 4 years ago
- ☆131Updated last year
- IntroVirt is an guest introspection library for KVM☆56Updated last year
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC)☆24Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆233Updated 5 years ago
- Toy scripts for playing with WinDbg JS API☆241Updated last year
- ☆72Updated 2 years ago
- Resources for the workshop titled "Repacking the unpacker: Applying Time Travel Debugging to malware analysis", given at HackLu 2019☆42Updated 5 years ago