BluePill: Neutralizing Anti-Analysis Behavior in Malware Dissection (Black Hat Europe 2019, IEEE TIFS 2020)
☆128 · Dec 22, 2021 · Updated 4 years ago
Alternatives and similar repositories for bluepill
Users that are interested in bluepill are comparing it to the libraries listed below
- Collection of DBI evasion techniques ☆16 · Jan 25, 2022 · Updated 4 years ago
- Library to hide DBI artifacts when using Intel Pin. Code from the ASIA CCS 2019 paper "SoK: Using Dynamic Binary Instrumentation for Secu… ☆24 · Nov 12, 2019 · Updated 6 years ago
- Robust API monitoring system presented in the paper "Designing Robust API Monitoring Solutions" (IEEE TDSC) ☆25 · Dec 8, 2021 · Updated 4 years ago
- WhiteRabbitTracker: Analyzing malware evasions with information flow tracking ☆18 · Jul 25, 2021 · Updated 4 years ago
- This is the home of the raindrop obfuscator. It transforms program functions into obfuscated ROP chains that coexist seamlessly with the … ☆65 · Aug 11, 2021 · Updated 4 years ago
- Slides and stuff from the meetings during 2018 ☆13 · Jan 18, 2022 · Updated 4 years ago
- A framework for static analysis of ROP exploits and programs ☆41 · May 13, 2019 · Updated 6 years ago
- Group coding repository of PltCov, a tool to instrument ELF binaries for fuzzing with ngram coverage of imported APIs ☆12 · Jan 18, 2022 · Updated 4 years ago
- Slides and stuff from the meetings during 2019 ☆33 · Jan 18, 2022 · Updated 4 years ago
- Slides and stuff from the meetings during 2020. ☆16 · Jan 18, 2022 · Updated 4 years ago
- A Pin Tool for tracing API calls etc. ☆1,634 · Feb 8, 2026 · Updated last month
- This is a simple driver with x64 inline assembly ☆55 · Jun 26, 2020 · Updated 5 years ago
- Code and artifacts of the "Dissecting American Fuzzy Lop - A FuzzBench Evaluation" paper ☆13 · Oct 3, 2022 · Updated 3 years ago
- Scripts targeting specific families ☆13 · Jul 3, 2017 · Updated 8 years ago
- VMI-Unpack - A Virtual Machine Introspection (VMI) based generic unpacker. ☆57 · Jan 16, 2020 · Updated 6 years ago
- Binee: binary emulation environment ☆531 · Feb 25, 2023 · Updated 3 years ago
- KVM-based Virtual Machine Introspection ☆362 · Oct 11, 2025 · Updated 5 months ago
- Shellcode emulator written with Unicorn Framework with Process Dump Emulation Environment ☆124 · Sep 9, 2020 · Updated 5 years ago
- A fast, multithreaded, ROP-gadget semantics analyzer. ☆51 · Feb 3, 2021 · Updated 5 years ago
- makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore] ☆742 · Mar 17, 2019 · Updated 7 years ago
- Malware Fragmentation Tool: a tool that simply fragments the PE file and can disassemble the PE file, etc. This tool is very useful for… ☆37 · Nov 22, 2015 · Updated 10 years ago
- Hyper-V Research is trendy now ☆199 · May 6, 2024 · Updated last year
- IDA plugin for software complexity metrics assessment ☆60 · Jan 4, 2018 · Updated 8 years ago
- Code for the "Predictive Context-sensitive Fuzzing" NDSS'24 paper ☆30 · Feb 29, 2024 · Updated 2 years ago
- An OS-level container which virtualizes Windows' file system, registry, kernel, and network communication. ☆105 · Apr 9, 2015 · Updated 10 years ago
- DRAKVUF Black-box Binary Analysis ☆1,211 · Mar 5, 2026 · Updated 2 weeks ago
- Windows kernel and user mode emulation. ☆1,896 · Mar 12, 2026 · Updated last week
- C++ application that uses memory and code hooks to detect packers ☆275 · Mar 5, 2018 · Updated 8 years ago
- A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research ☆468 · Apr 10, 2023 · Updated 2 years ago
- Malware Behavior Analyzer ☆158 · Jun 1, 2017 · Updated 8 years ago
- With this RunPE you can easily inject your payload in any x86 or x64 program. ☆15 · Jun 3, 2019 · Updated 6 years ago
- Extract data of TTD trace file to a minidump ☆30 · Jul 31, 2023 · Updated 2 years ago
- Virtual Machine Introspection, Tracing & Debugging ☆597 · Feb 22, 2022 · Updated 4 years ago
- An experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite ☆132 · Feb 13, 2022 · Updated 4 years ago
- Malware vulnerability research. Coming soon.. ☆12 · Apr 20, 2020 · Updated 5 years ago
- Set of anti-analysis techniques found in malware ☆133 · Aug 25, 2023 · Updated 2 years ago
- RopGun is a Linux implementation of a transparent ROP mitigation technique based on runtime detection of abnormal control transfers using… ☆27 · Sep 10, 2019 · Updated 6 years ago
- SAFE embeddings to match functions in yara ☆100 · Feb 25, 2020 · Updated 6 years ago
- Various snippets created during malware analysis ☆22 · Apr 29, 2018 · Updated 7 years ago