Cross-platform malware development library for anti-analysis techniques.
- Provide a rich and convenient defense-evasion interface for Go, a popular language among red teams and malware engineers.
- Serve as a learning resource for both attack and mitigation, and as a collaborative project for contributing new techniques.
```go
// Most standard debugger checks for each platform
func CheckDebuggerBasic()

// Breakpoints: exception-based and code checksums
func CheckThrowBreakpoint()
func BreakpointChecksumAt(ptr interface{})
func CheckHardwareBreakpoints() // Windows only

// Process mappings check
func CheckMemoryFingerprint()

// Parent process fingerprinting
func CheckParentTracer()

// Profile CPUID for VM features
func CheckCPUIDIsVM()
func CheckCPUIDHypervisor()

// VM process enumeration (WIP)
func CheckVMProcesses()

// Linux only - requires dynamically linking journald
func CheckEbpfTracer()
```
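As an added illustration of what a parent-process/tracer check of the `CheckParentTracer` kind does under the hood on Linux, here is an example that is not the library's own code. It reads `TracerPid` from `/proc/self/status` (non-zero when a ptrace tracer such as gdb or strace is attached) and compares the parent's `/proc/<ppid>/comm` against a small list of well-known debuggers. The `knownTracers` list, the function names and the sample `/proc` text are assumptions constructed for the example.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// knownTracers is a hypothetical list of command names commonly seen as the
// parent of a traced process (an assumption for this example, not the
// project's own list).
var knownTracers = map[string]bool{
	"gdb": true, "lldb": true, "strace": true, "ltrace": true, "dlv": true,
}

// Constructed sample /proc/<pid>/status contents for offline testing.
// tracedStatus mimics a process stopped under a tracer with PID 4242;
// cleanStatus mimics an untraced process.
const tracedStatus = "Name:\tsample\nState:\tt (tracing stop)\nPid:\t1234\nPPid:\t4242\nTracerPid:\t4242\nUid:\t1000\t1000\t1000\t1000\n"
const cleanStatus = "Name:\tsample\nState:\tS (sleeping)\nPid:\t1234\nPPid:\t1\nTracerPid:\t0\nUid:\t1000\t1000\t1000\t1000\n"

// tracerPIDFromStatus parses the "TracerPid:" field out of the text of
// /proc/<pid>/status. A non-zero value means a ptrace tracer is attached.
func tracerPIDFromStatus(status string) (int, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, "TracerPid:") {
			continue
		}
		return strconv.Atoi(strings.TrimSpace(strings.TrimPrefix(line, "TracerPid:")))
	}
	return 0, errors.New("TracerPid field not found")
}

// parentIsTracer reports whether a parent's command name (the contents of
// /proc/<ppid>/comm, trailing newline included) is a known debugger/tracer.
func parentIsTracer(comm string) bool {
	return knownTracers[strings.TrimSpace(comm)]
}

// checkParentTracerLinux combines both signals against the live system.
// It only works on Linux; elsewhere /proc is absent and an error is returned.
func checkParentTracerLinux() (bool, error) {
	status, err := os.ReadFile("/proc/self/status")
	if err != nil {
		return false, err
	}
	pid, err := tracerPIDFromStatus(string(status))
	if err != nil {
		return false, err
	}
	if pid != 0 {
		return true, nil
	}
	comm, err := os.ReadFile(fmt.Sprintf("/proc/%d/comm", os.Getppid()))
	if err != nil {
		return false, err
	}
	return parentIsTracer(string(comm)), nil
}

func main() {
	traced, err := checkParentTracerLinux()
	if err != nil {
		fmt.Println("check unavailable on this system:", err)
		return
	}
	fmt.Println("tracer detected:", traced)
}
```

Both signals are cheap to collect and equally cheap to defeat: a tracer can detach before the check runs, and the `comm` name is under the parent's control, so treat a hit as one input to a decision rather than proof. On the defensive side, the same `TracerPid` read is what a detection engineer would look for when hunting for anti-debug behaviour.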
Have another technique you want curated? Create a pull request!