Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
Rootkit spotter - experimental Linux rootkit finder LKM
A tool to cluster similar executables (PEs, DEXs, etc.), extract a common signature, and generate Yara patterns for malware detection.
Rootkit breaker - experimental Linux anti-rootkit tool based on kprobes
THAMARA - Threat Hunting with AMSI and YARA
Framework built with LibVMI to collect indicators of Linux kernel-mode rootkit detection.
Anti-Ransomware Detection Tool
A toolchain for ELF executables and malware containing a standalone loader, file stripper, data obfuscator and a packer
This is a virus removal (protection) tool for a virus commonly known as the "Dulla virus" and, several weeks later, by A/V vendors as Win32.Agent.cb. Motivation of the work: even though this PE infector is very dangerous and was stealthily spreading fast, the major A/V companies failed to respond to this threat. Hence, needed to make own removal and prot…
Security Aware Linux Scheduler
Ring -1 Security Hypervisor for Windows - Advanced kernel-level security monitoring using Intel VMX and Extended Page Tables. Educational project demonstrating hypervisor development and defensive security implementation.
Testing samples for malware analysis testing
Implementation of a folder integrity and malware detection utility that scans directories, detects changes via SHA-256 snapshots, and isolates suspicious files based on heuristic analysis. Developed as an academic project at Politehnica University of Timișoara.
Simple low-level Android antivirus
Repository for malware development, analysis and prevention. For research and educational purposes only.
A simple tool to uncover files, directories, and connections hidden by malware.
Simple Android daemon for detecting malware in runtime
Projects from the Security of Systems and Services course at the Technical University of Crete, covering cryptography, malware detection, logging, and web application security.