
al-khaser vs FakeNet-NG

GitHub Stats

              al-khaser    FakeNet-NG
Stars         6.9k         2.1k
Forks         1.3k         380
Issues        41           82
Updated       26d ago      25d ago
License       GPL-2.0      Apache-2.0
Language      C++          Python

About al-khaser

al-khaser is a proof-of-concept application that implements numerous malware evasion techniques in a single codebase. It serves as a reference for security researchers studying how malware detects virtual machines, sandboxes, debuggers, and analysis environments. Techniques include timing attacks, CPU feature detection, registry checks, process enumeration, hardware fingerprinting, and API hooking detection. Each technique is implemented, documented, and testable independently. Security teams use al-khaser to validate that their analysis environments and sandboxes are resistant to common evasion methods employed by real-world malware.

About FakeNet-NG

FakeNet-NG is a dynamic network analysis tool designed for malware analysis on Windows and Linux. It intercepts and redirects all network traffic to local listeners that simulate real internet services (HTTP, HTTPS, DNS, SMTP, FTP, IRC, and custom protocols). This allows analysts to observe malware network behavior without allowing actual internet connectivity, capturing C2 communications, download URLs, exfiltration attempts, and protocol patterns. FakeNet-NG supports SSL interception, custom response scripts, and integration with other analysis tools. It operates at the network driver level, catching traffic from all processes simultaneously.

Platform Support

al-khaser: Windows
FakeNet-NG: Linux, Windows

Tags

al-khaser only

anti-analysis, evasion, vm-detection, sandbox-detection, anti-debugging, malware-research

FakeNet-NG only

malware-analysis, network-simulation, dynamic-analysis, c2-capture, mandiant