2 个仓库
Signatures and logic designed to detect the use of trusted binaries for security evasion.
Distinct from Binary Analysis: Focuses on the detection of evasion patterns rather than the general analysis of the binary structure.
Explore 2 awesome GitHub repositories matching part of an awesome list · Evasion Detection Rules. Refine with filters or upvote what's useful.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Provides detection rules to identify when signed binaries are used for security evasion.
This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r
Implements signatures designed to detect the use of anti-debugging and anti-virtualization evasion techniques.