Malware Analysis

48 bookmarks

Custom sorting

Lumma Stealer malware now uses trigonometry to evade detection

The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.

·bleepingcomputer.com·Nov 22, 2023

Lumma Stealer malware now uses trigonometry to evade detection

GitHub - Bw3ll/sharem: SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.

SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative featur...

·github.com·Nov 21, 2023

SigmaHQ/pySigma: Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)

Python library to parse and convert Sigma rules into queries (and whatever else you could imagine) - GitHub - SigmaHQ/pySigma: Python library to parse and convert Sigma rules into queries (and what...

·github.com·Nov 20, 2023

SigmaHQ/pySigma: Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)

archercreat/titan: Titan is a VMProtect devirtualizer

Titan is a VMProtect devirtualizer. Contribute to archercreat/titan development by creating an account on GitHub.

·github.com·Nov 5, 2023

archercreat/titan: Titan is a VMProtect devirtualizer

eunomia-bpf/bpftime

Userspace eBPF runtime for fast Uprobe & Syscall hook

#linux-malware

·github.com·Nov 2, 2023

eunomia-bpf/bpftime

mentebinaria/retoolkit: Reverse Engineer's Toolkit

Reverse Engineer's Toolkit. Contribute to mentebinaria/retoolkit development by creating an account on GitHub.

·github.com·Oct 31, 2023

mentebinaria/retoolkit: Reverse Engineer's Toolkit

Fadi002/de4py: toolkit for python reverse engineering

toolkit for python reverse engineering. Contribute to Fadi002/de4py development by creating an account on GitHub.

·github.com·Oct 29, 2023

Fadi002/de4py: toolkit for python reverse engineering

0x534a/dynmx: Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!

Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! - GitHub - 0x534a/dynmx: Signature-based detection of malware featu...

·github.com·Oct 22, 2023

0x534a/dynmx: Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!

can1357/NoVmp

A static devirtualizer for VMProtect x64 3.x. powered by VTIL.

·github.com·Oct 21, 2023

can1357/NoVmp

enkomio/Sojobo: A binary analysis framework

A binary analysis framework. Contribute to enkomio/Sojobo development by creating an account on GitHub.

·github.com·Oct 20, 2023

enkomio/Sojobo: A binary analysis framework

Windows System Calls For Hunters

Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad…

·marcoramilli.com·Aug 23, 2022

Windows System Calls For Hunters

ImpELF: Unmasking Linux Malware with a Novel Imphash Approach for ELF Binaries

As someone that primarily does Linux security research, I was frustrated that there wasn't an equivalent of an imphash for Linux ELF binaries. So, I decided to make one myself.

·signalblur.io·Oct 10, 2023

ImpELF: Unmasking Linux Malware with a Novel Imphash Approach for ELF Binaries

GitHub - mandiant/GoReSym: Go symbol recovery tool

Go symbol recovery tool. Contribute to mandiant/GoReSym development by creating an account on GitHub.

·github.com·Jan 30, 2023

GitHub - mandiant/GoReSym: Go symbol recovery tool

ralphje/signify: Module to generate and verify PE signatures

Module to generate and verify PE signatures. Contribute to ralphje/signify development by creating an account on GitHub.

·github.com·Oct 10, 2023

ralphje/signify: Module to generate and verify PE signatures

danieluhricek/LiSa: Sandbox for automated Linux malware analysis.

Sandbox for automated Linux malware analysis. Contribute to danieluhricek/LiSa development by creating an account on GitHub.

·github.com·Jun 6, 2023

danieluhricek/LiSa: Sandbox for automated Linux malware analysis.

kargisimos/detenv

A small and portable Windows C library for sandbox detection

·github.com·Oct 10, 2023

kargisimos/detenv

rabbitstack/fibratus: A modern tool for Windows kernel exploration and tracing with a focus on security

A modern tool for Windows kernel exploration and tracing with a focus on security

#malware-analysis #tracing #windows #windows-monitoring

·github.com·Sep 3, 2023

rabbitstack/fibratus: A modern tool for Windows kernel exploration and tracing with a focus on security

Two Tools for Malware Analysis and Reverse Engineering in Ghidra

This post presents two tools for malware analysis and reverse engineering in Ghidra, the National Security Agency’s software reverse engineering tool suite.

#ghidra #ghidra-plugins

·insights.sei.cmu.edu·Sep 3, 2023

Two Tools for Malware Analysis and Reverse Engineering in Ghidra