ayoubfaouzi/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GNU General Public License v2.0
5.95k stars, 1.18k forks
issues
Why put a password on the 7.z ? "yug69gG89T98HGUY8y"
#276
XetalEngine
closed
4 weeks ago
1
Add ollyice.exe, dedup joeboxserver.exe
#275
xtexChooser
closed
1 month ago
0
Attach project binaries to releases for accessibility
#274
holysoles
closed
2 months ago
3
Trigger Github Action
#273
SolsticeSpectrum
closed
2 months ago
2
Question about the RDTSC detection with locky trick
#272
M6HqVBcddw2qaN4s
closed
4 months ago
2
Fix incorrect comparison when counting smbios tables
#271
CyberGreg05
closed
8 months ago
1
Working with a mounted flash drive
#270
CyberGreg05
closed
8 months ago
1
Checking raw ThermalZoneInfo performance counters with WMI
#269
CyberGreg05
closed
9 months ago
2
Spelling cleanup
#268
iamjplant
closed
9 months ago
0
Checking the virtual machine through the number of SMBIOS tables
#267
CyberGreg05
closed
9 months ago
1
Bug in commit 0c22e74
#266
hadarnir
closed
10 months ago
1
Added WaitForMultipleObjects and Frida processes
#265
Fra-SM
closed
10 months ago
1
Add cheat engine for anti-analysis
#264
xmaple555
closed
1 year ago
0
Add cheat engine for anti-analysis
#263
xmaple555
closed
1 year ago
3
Update README.md
#262
mrexodia
closed
1 year ago
1
Added Al-Khaser console parameters for test enabling
#261
Haimasker
closed
1 year ago
5
Anti-debugging attacks
#260
Charles2333
opened
1 year ago
0
ldt_trick invalid detection method same results on 2 VM and 2 bare-metal (win+linux)
#259
adeliktas
opened
1 year ago
1
Anti-VM Fix Issue
#258
FaLC10
closed
1 year ago
0
put into malware
#257
mishav78
closed
1 year ago
5
Mouse movement
#256
samogost
closed
1 year ago
3
Fix spelling mistake in timing.cpp
#255
SleekZ
closed
1 year ago
0
Debugger Detection BUG
#254
YHSanSheng
opened
1 year ago
2
Add NtSystemDebugControl anti-dbg
#252
stevemk14ebr
closed
2 years ago
1
False positives
#251
thewolfram
opened
2 years ago
0
can embed in golang?
#250
Phuong39
opened
2 years ago
1
Enhancement support request
#249
gotspatel
opened
2 years ago
0
Parent process hijacking (CreateProcess/ProcThreadAttribute)
#248
ayoubfaouzi
opened
2 years ago
0
Ability to run a specific subset of checks
#247
weewoo22
opened
3 years ago
1
Fixed building with VS2019
#246
hasherezade
closed
3 years ago
2
Bugfix + new anti-disassembly technique
#245
Yp3rion
closed
3 years ago
5
Add KVM virtio artifacts and QEMU guest agent / spice tools artifacts.
#244
ayoubfaouzi
closed
3 years ago
0
ooop
#243
ghost
closed
3 years ago
0
Is dyncheck.com signature exists?
#242
Miracle-doctor
closed
3 years ago
4
Add Hyper-V object checks.
#241
gsuberland
closed
3 years ago
0
This will build and upload binaries
#240
graysuit
closed
3 years ago
1
This will build and upload binaries
#239
graysuit
closed
3 years ago
6
Fix ScanForModules_MemoryWalk_Hidden and add new .NET structure scan.
#238
gsuberland
closed
3 years ago
0
Module scanner assumes memory region must be executable
#237
gsuberland
closed
3 years ago
1
Improve parent process check to avoid false positives.
#236
gsuberland
closed
3 years ago
1
Bug fixes and new checks in ThreadHideFromDebugger.
#235
gsuberland
closed
3 years ago
0
[Improvement] ScanForModules does not support managed modules
#234
0x11DFE
closed
3 years ago
11
Anti-Debug: LocalSize(0)
#233
recvfrom
opened
3 years ago
0
Hyper-V RAW network protocol detection
#232
gsuberland
opened
3 years ago
0
Using PoolTags to Fingerprint Hosts
#231
hfiref0x
opened
3 years ago
3
[anti-debug]NtSetInformationThread_ThreadHideFromDebugger uses a wrong parameter when calling NtQueryInformationThread.
#230
co-neco
closed
3 years ago
1
Anti-VM: Hyper-V / Windows Sandbox MAC
#229
recvfrom
opened
3 years ago
2
Anti-VM: in instruction (VMWare)
#228
recvfrom
opened
3 years ago
2
New hostnames / usernames checked for by malware
#227
recvfrom
opened
3 years ago
4
Check for the lack of user input.
#226
packmad
closed
3 years ago
1