Ryan elfmaster O'Neill (@elfmaster)
  • Stars 2,383
  • Global Rank 12,758 (Top 0.5 %)
  • Followers 1,075
  • Following 26
  • Registered about 11 years ago
  • Most used languages: C 84.0 %, C++ 8.0 %, Roff 4.0 %, Objective-C 4.0 %
  • Location 🇺🇸 United States
  • Country Total Rank 4,430
  • Country Ranking: Roff 64, C 180, Objective-C 1,084, C++ 2,210

Top repositories

1. libelfmaster
   Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
   C, 403 stars

2. ftrace
   POSIX Function tracing
   C, 323 stars

3. skeksi_virus
   Devastating and awesome Linux X86_64 ELF Virus
   C, 221 stars

4. ecfs
   extended core file snapshot format
   C, 219 stars

5. maya
   Highly advanced Linux anti-exploitation and anti-tamper binary protector for ELF.
   C, 151 stars

6. dsym_obfuscate
   Obfuscates dynamic symbol table
   C, 134 stars

7. saruman
   ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
   C, 126 stars

8. kdress
   Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore
   C, 121 stars

9. binflow
   This is the new ftrace (https://github.com/elfmaster/ftrace) - Much faster, better resolution but not complete yet! :)
   C++, 107 stars

10. dt_infect
    ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD
    C, 106 stars

11. sherlocked
    Universal script packer-- transforms any type of script into a protected ELF executable, encrypted with anti-debugging.
    Objective-C, 102 stars

12. linker_preloading_virus
    An example of hijacking the dynamic linker with a custom interpreter that loads and executes modular viruses
    C, 58 stars

13. taskverse
    A tool like /bin/ps but uses /proc/kcore for walking the tasklist; this finds hidden processes
    C, 56 stars

14. libelfmaster_examples
    Simple ELF tools written to demonstrate libelfmaster capabilities.
    C, 37 stars

15. kprobe_rootkit
    Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)
    C, 35 stars

16. ecfs_exec
    Be able to execute memory snapshots so they can start running where they left off.
    C, 34 stars

17. static_binary_mitigations
    relros.c applies RELRO to static binaries, and static_to_dyn.c applies ASLR to static binaries.
    C, 32 stars

18. shiva
    Shiva is a programmable dynamic linker for loading ELF microprograms
    Roff, 29 stars

19. davinci
    Transforms any file into a protected ELF executable
    C, 26 stars

20. scop_virus_paper
    ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables
    C, 14 stars

21. fork_trace
    C++, 10 stars

22. avu32
    Anti virus 32bit. My first attempt (in 2008) to write a prototype for detecting/disinfecting Unix ELF viruses
    C, 8 stars

23. canaryism
    Canaryism will tell you which functions are protected with gcc stack canaries
    C, 6 stars

24. packt_book
    C, 6 stars

25. interpx_documentation
    4 stars

26. shiva_blogposts
    Multiple blogposts are maintained here.
    3 stars

27. shiva_presentations
    2 stars

28. unix_virus_anniversary
    2 stars

29. veriexec.linux
    Veriexec implementation for Linux
    C, 2 stars

30. poetry
    Transcribing my poetry from 19yrs ago
    1 star