
Vulpes

Vulpes is a Command & Control framework with a Python backend and a C++ implant. The implant is designed to be as evasive as possible while still providing as much utility as possible.



PreEmpt

PreEmpt is my messing-around-with-EDR-stuff project. The goal is to implement a range of detection capabilities in order to better understand their internals. So far it consists of a time/event-based memory sweeper, an EtwTi agent, and an orchestration process that receives events from these components, forwards them to an ELK stack, and shows the user a Windows toast notification. On the agenda are more EtwTi coverage, a hooking DLL, and probably some other stuff.
