Computer security researcher, reverse engineer, and ELF connoisseur
libelfmaster. Secure ELF parsing/loading library for forensics reconstruction of malware, and robust reverse engineering tools
454ftrace. POSIX Function tracing
340skeksi_virus. Devestating and awesome Linux X86_64 ELF Virus
239ecfs. extended core file snapshot format
229maya. Highly advanced Linux anti-exploitation and anti-tamper binary protector for ELF.
161saruman. ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)
140dsym_obfuscate. Obfuscates dynamic symbol table
137kdress. Transform vmlinuz into a fully debuggable vmlinux that can be used with /proc/kcore
131dt_infect. ELF Shared library injector using DT_NEEDED precedence infection. Acts as a permanent LD_PRELOAD
111binflow. This is the new ftrace (https://github.com/elfmaster/ftrace) - Much faster, better resolution but not complete yet! :)
111sherlocked. Universal script packer-- transforms any type of script into a protected ELF executable, encrypted with anti-debugging.
105linker_preloading_virus. An example of hijacking the dynamic linker with a custom interpreter who loads and executes modular viruses
66taskverse. A tool like /bin/ps but uses /proc/kcore for walking the tasklist; this finds hidden processes
60kprobe_rootkit. Linux kernel rootkit using kprobes (From http://phrack.org/issues/67/6.html)
42libelfmaster_examples. Simple ELF tools written to demonstrate libelfmaster capabilities.
42ecfs_exec. Be able to execute memory snapshots so they can start running where they left off.
37shiva. Shiva is a programmable dynamic linker for loading ELF microprograms
36static_binary_mitigations. relros.c applies RELRO to static binaries, and static_to_dyn.c applies ASLR to static binaries.
34davinci. Transforms any file into a protected ELF executable
29scop_virus_paper. ELF Virus infection techniques that work with SCOP (Secure code partitioned) executables
15fork_trace. C++
11avu32. anti virus 32bit. my first attempt (in 2008) to write prototype for detecting/disinfecting unix ELF viruses
9ee-ecfs. A version of ECFS (Extended core file snapshot) technology that was revamped for the DARPA EBOSS program-- ELF core-files with rich ABI enhancements for automated vulnerability research.
9canaryism. Canaryism will tell you which functions are protected with gcc stack canaries
7packt_book. C
6interpx_documentation.
5unix_virus_anniversary.
3shiva_blogposts. Multiple blogposts are maintained here.
3shiva_presentations.
3veriexec.linux. Veriexec implementation for Linux
3scripts. Python
3bcc. BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
2sentinel. Sentinel is a command line tool able to protect Windows 32 bit programs against exploits targeted by attackers or viruses. It can protect your programs against 0-day attacks or publicly known bugs.
2binutils-gdb. Unofficial mirror of sourceware binutils-gdb repository. Updated daily.
2linux. Linux kernel source tree
1seventh_gate. C
1poetry. Transcribing my poetry from 19yrs ago
1unread. .eh_frame unwind information parser
1openssh-portable. Portable OpenSSH
1