This collection of programs demonstrates techniques used in malware to accomplish core tasks.
It's like Al-Khaser, except focused on macOS
and Linux
.
- Anti-Autoanalysis
- Anti-Reverse Engineering
- Anti-VM
- Data-Collection
- Persistence
These programs are written in a mix of languages. Currently, the library uses (in order of strlen(language_name)
):
C
x86
Bash
Python
Objective-C
Each program is meant to be run independently. There is no main.{c,py,m,asm}
.
Typically, each program (written in C
) can be compiled with $ gcc FILE -o OUTPUT_FILE
.
Exceptions to this are:
src/anti-vm/cross-platform/vmware_detect_with_asm.c
, which usescmake
for compilation. Instructions can be found insrc/anti-vm/cross-platform/README.md
.src/anti-autoanalysis/macOS/detectUserActivity
, which usesclang
for compilation. Instructions can be found insrc/anti-autoanalysis/macOS/detectUserActivity/README.md
You can read about the motivation behind this project in this presentation I gave.
Thank you to all the security researchers that made this project possible. Material published by the following researchers was particularly helpful while I was building this library: