pafish
VM/SAE detector
A tool to detect virtual machines and malware analysis environments by analyzing system behavior similar to malware detection methods.
Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do.
3k stars
176 watching
462 forks
Language: C
last commit: 5 months ago
Linked from 1 awesome list
Topics: analysis-environments, malware, malware-analysis, malware-families, malware-research, rdtsc, reverse-engineering, sandbox, virtual-machine
Related projects:
Repository | Description | Stars |
---|---|---|
joesecurity/pafishmacro | An Office document designed to test and analyze malware detection systems | 278 |
nsmfoo/antivmdetection | A tool to create templates making VirtualBox VM detection harder | 712 |
gosecure/malboxes | Automates malware analysis on Windows VMs for research and testing purposes. | 1,030 |
3coresec/automata | Automated tool to detect errors in security monitoring and measure effectiveness of SIEM rules against various behaviors. | 50 |
idiom/pftriage | Tool to analyze files during malware analysis and triage by extracting properties and detecting malicious indicators. | 77 |
navytitanium/fake-sandbox-artifacts | Creates artificial artifacts to evade malware detection and analysis | 250 |
sophos/sorel-20m | A large-scale dataset and codebase for training machine learning models to detect malicious software | 638 |
exeinfoasl/asl | A tool that analyzes and detects various packers, compilers, protectors, and obfuscators used in Windows executables. | 758 |
csvl/sema | Analyzes malware by extracting and comparing system call dependencies to classify and detect malicious behavior | 94 |
aau-network-security/haaukins | A platform providing automated virtualization environments for security education and vulnerability testing | 187 |
withsecureopensource/see | An environment for building secure and isolated test automation frameworks for analyzing and testing malware | 814 |
hasherezade/hollows_hunter | Analyzes running processes to detect and dump malicious code | 2,032 |
mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
rajiv2790/falconeye | A real-time detection software for Windows process injections | 290 |
stvemillertime/conventionengine | Detects and identifies suspicious PDB paths in malware files using Yara rules. | 37 |