libelfmaster
Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools

ftrace
POSIX Function tracing

skeksi_virus
Devastating and awesome Linux X86_64 ELF Virus

ecfs
extended core file snapshot format

maya
Highly advanced Linux anti-exploitation and anti-tamper binary protector for ELF.

dsym_obfuscate
Obfuscates dynamic symbol tables

saruman
ELF anti-forensics exec, for injecting full dynamic executables into process image (with thread injection)

kdress
Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore

binflow
This is the new ftrace (https://github.com/elfmaster/ftrace) - Much faster, better resolution but not complete yet! :)

dt_infect
ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD

sherlocked
Universal script packer -- transforms any type of script into a protected ELF executable, encrypted with anti-debugging.

linker_preloading_virus
An example of hijacking the dynamic linker with a custom interpreter that loads and executes modular viruses

taskverse
A tool like /bin/ps but uses /proc/kcore for walking the tasklist; this finds hidden processes

libelfmaster_examples
Simple ELF tools written to demonstrate libelfmaster capabilities.

kprobe_rootkit
Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)

ecfs_exec
Be able to execute memory snapshots so they can start running where they left off.

static_binary_mitigations
relros.c applies RELRO to static binaries, and static_to_dyn.c applies ASLR to static binaries.

shiva
Shiva is a programmable dynamic linker for loading ELF microprograms

davinci
Transforms any file into a protected ELF executable

scop_virus_paper
ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables

fork_trace

avu32
Anti virus 32bit. My first attempt (in 2008) to write a prototype for detecting/disinfecting Unix ELF viruses

canaryism
Canaryism will tell you which functions are protected with gcc stack canaries

packt_book

interpx_documentation

shiva_blogposts
Multiple blogposts are maintained here.

unix_virus_anniversary

veriexec.linux
Veriexec implementation for Linux

poetry
Transcribing my poetry from 19yrs ago