Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ex0dus-0x/menagerie
Cross-platform malware development library for anti-analysis techniques
- Host: GitHub
- URL: https://github.com/ex0dus-0x/menagerie
- Owner: ex0dus-0x
- Created: 2021-01-18T16:55:12.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2021-07-27T02:30:39.000Z (over 3 years ago)
- Last Synced: 2024-06-19T02:07:00.059Z (6 months ago)
- Language: C
- Homepage:
- Size: 44.9 KB
- Stars: 25
- Watchers: 4
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# The Anti-Analysis Menagerie
Cross-platform malware development library for anti-analysis techniques.
## Design Goals
* Provide a rich and convenient interface for defense evasion in Golang, a popular choice for red teams and malware engineers.
* Use as a learning resource for both attack and mitigation, and a collaborative project to contribute new techniques.

## Techniques Supported

### Debugger Detection:

```go
// Most standard debugger checks for each platform
func CheckDebuggerBasic()

// Breakpoints: exception and checksums
func CheckThrowBreakpoint()
func BreakpointChecksumAt(ptr interface{})
func CheckHardwareBreakpoints() // Win only!

// Process Mappings Check
func CheckMemoryFingerprint()

// Parent Process Fingerprinting
func CheckParentTracer()
```

### Virtual Machine Detection:

```go
// Profile CPUID for VM features
func CheckCPUIDIsVM()
func CheckCPUIDHypervisor()

// VM Process Enumeration (WIP)
func CheckVMProcesses()
```

### Telemetry Monitoring Detection:

```go
// Linux Only - requires dynamically linking journald
func CheckEbpfTracer()
```

## Contributing
Have another technique you want curated? Create a pull request!