al-khaser vs capa
About al-khaser
al-khaser is a proof-of-concept application that implements a large number of malware evasion techniques in a single codebase. It serves as a reference for security researchers studying how malware detects virtual machines, sandboxes, debuggers, and other analysis environments. Techniques include timing attacks, CPU feature detection, registry checks, process enumeration, hardware fingerprinting, and API hooking detection. Each technique is implemented, documented, and runnable as an independent check. Security teams run al-khaser inside their analysis environments and sandboxes to verify that they resist the evasion methods used by real-world malware: every check that fires points at an artifact the environment still exposes.
About capa
capa is an automated tool for identifying capabilities in executable files, detecting techniques such as persistence mechanisms, command and control (C2) communications, and anti-analysis methods. Written in Python, capa uses a rule-based approach: rules describe a capability in terms of low-level features (API calls, strings, constants, instruction mnemonics) combined with boolean logic, and capa reports which rules a sample satisfies, mapped to MITRE ATT&CK and Malware Behavior Catalog (MBC) entries. This makes it a staple of malware triage, helping researchers understand what a sample is capable of before, or without, running it.
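To make the rule-based approach concrete, and to tie it back to the anti-analysis techniques al-khaser implements (CPUID probing, rdtsc timing, registry artifacts), here is an added Python example that is not capa's or al-khaser's own code. It models a small capa-style matcher: a rule combines low-level features (API names, strings, immediates, mnemonics) with and/or/count logic, and a function is said to have the capability when its feature set satisfies the rule. The rule names, namespaces, and both sample feature sets are constructed for illustration; real capa rules are written in YAML and its features come from disassembling the binary, which this example skips.

```python
"""Toy capa-style capability matcher.

Added example, not capa's own code: it models how a rule-based scanner
decides that a function exhibits a capability by combining low-level
features (API names, strings, immediates, mnemonics) with and/or/count
logic. Rule names, namespaces and the sample feature sets below are
constructed for illustration.
"""
from __future__ import annotations

from collections import Counter
from typing import Any

# A feature is (kind, value), e.g. ("api", "kernel32.IsDebuggerPresent").
Feature = tuple[str, Any]


def count_features(observed: list[Feature]) -> Counter:
    """Turn the features seen in one function into a multiset."""
    return Counter(observed)


def evaluate(node: Any, features: Counter) -> bool:
    """Recursively evaluate one rule node against a function's features.

    Leaf:   ("kind", value)                        -> seen at least once
    Logic:  {"and": [nodes]}, {"or": [nodes]}
    Count:  {"count": {"feature": leaf, "min": n}} -> seen >= n times
    """
    if isinstance(node, tuple):
        return features[node] > 0
    if not (isinstance(node, dict) and len(node) == 1):
        raise ValueError(f"malformed rule node: {node!r}")
    (op, arg), = node.items()
    if op == "and":
        return all(evaluate(child, features) for child in arg)
    if op == "or":
        return any(evaluate(child, features) for child in arg)
    if op == "count":
        return features[arg["feature"]] >= arg["min"]
    raise ValueError(f"unknown operator: {op}")


# Hypothetical rules shaped like capa's (name, namespace, feature logic).
RULES = [
    {
        "name": "check for hypervisor via cpuid",
        "namespace": "anti-analysis/anti-vm/vm-detection",
        # CPUID leaf 1 (hypervisor-present bit) or leaf 0x40000000 (vendor id)
        "logic": {"and": [("mnemonic", "cpuid"),
                          {"or": [("number", 0x1), ("number", 0x40000000)]}]},
    },
    {
        "name": "reference virtualization registry artifacts",
        "namespace": "anti-analysis/anti-vm/vm-detection",
        "logic": {"and": [
            {"or": [("api", "advapi32.RegOpenKeyExA"),
                    ("api", "advapi32.RegOpenKeyExW")]},
            {"or": [("string", "HARDWARE\\ACPI\\DSDT\\VBOX__"),
                    ("string", "SOFTWARE\\VMware, Inc.\\VMware Tools")]},
        ]},
    },
    {
        "name": "timing check via paired rdtsc",
        "namespace": "anti-analysis/anti-debugging/debugger-detection",
        # two reads are needed to compute an elapsed-cycle delta
        "logic": {"count": {"feature": ("mnemonic", "rdtsc"), "min": 2}},
    },
    {
        "name": "enumerate running processes",
        "namespace": "host-interaction/process/list",
        "logic": {"and": [("api", "kernel32.CreateToolhelp32Snapshot"),
                          ("api", "kernel32.Process32NextW")]},
    },
]


def match_rules(observed: list[Feature], rules=RULES) -> list[str]:
    """Return the names of all rules satisfied by one function's features."""
    feats = count_features(observed)
    return [rule["name"] for rule in rules if evaluate(rule["logic"], feats)]


# Constructed feature set resembling an al-khaser style VM/timing probe.
VM_PROBE = [
    ("mnemonic", "cpuid"), ("number", 0x40000000),
    ("mnemonic", "rdtsc"), ("mnemonic", "cpuid"), ("mnemonic", "rdtsc"),
    ("api", "advapi32.RegOpenKeyExW"),
    ("string", "HARDWARE\\ACPI\\DSDT\\VBOX__"),
]
# Constructed feature set for an ordinary configuration-file reader.
BENIGN_READER = [
    ("api", "kernel32.CreateFileW"), ("api", "kernel32.ReadFile"),
    ("string", "config.ini"), ("number", 0x80000000),
]

if __name__ == "__main__":
    for label, feats in (("vm_probe", VM_PROBE), ("benign_reader", BENIGN_READER)):
        print(label, "->", match_rules(feats) or ["(no capabilities matched)"])
```

The `count` operator is what lets a rule express "two rdtsc reads in one function", which is the heuristic shape of a timing attack, rather than merely "rdtsc appears somewhere"; in the same spirit, anchoring the registry rule on both the API and a known VM key string keeps a generic registry reader from matching.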