Loki
cvelistV5
Loki | cvelistV5 | |
---|---|---|
12 | 5 | |
3,226 | 484 | |
- | 15.3% | |
5.7 | 4.8 | |
about 2 months ago | 4 days ago | |
Python | ||
GNU General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Loki
-
My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device
You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki
-
Deep system malware detection
Link to Loki is here just in case you need it. https://github.com/Neo23x0/Loki
-
What are some of the most frequently used (or favorite) tools in your toolbox?
Loki - YARA/IOC scanner
-
PChunter equivalent on Linux?
loki
- Rage about CVE dataset quality(?)
-
Cybersecurity professionals - what’s your “toolkit”/process to check a desktop PC is clean (or infected), before concluding that a reinstall of the OS is needed?
https://github.com/Neo23x0/Loki is a good tool to check for the presence of anomalies.
-
Which rootkit scanner to use in a could environment ?
Nextron Thor Scanner
-
Proxyshell Vulnerability is Actively used in Exchange servers
Loki - Yara Scanning is recommended for checking the webshell https://github.com/Neo23x0/Loki
-
Question about spyware
I am not an expert, but this is what I would start by doing. Ideally, if you can read javascript, try and understand what the tampermonkey script does. If you still have script, you could try analysing it with tools such as loki. Even if loki doesnt match it you could compute the sha256 signature and look it up on valhalla.
- Is it possible to write an antivirus in python?
cvelistV5
-
Maccarone: AI-managed code blocks in Python
We, as an industry, didn't stop shipping bugs. (Small example: https://github.com/CVEProject/cvelistV5/releases)
And that thorough code review prevents bugs is, at best, a debatable assertion. See e.g. https://www.microsoft.com/en-us/research/publication/code-re...
It finds _some_ bugs. CI/CD, and a massive investment in automated testing has probably had the largest impact in moving software quality forward. (See e.g. "Accelerate", Forsgren, Humble & Kim)
Code review is an excellent tool to socialize knowledge and train up more junior engineers, but in terms of preventing bugs, it's low-value.
-
"Mirror" of the soon to be deprecated NIST NVD CVE Feeds
There seems to be new repository in a new JSON format: https://github.com/CVEProject/cvelistV5
-
Please don't use GPT for Security Guidance
Meanwhile, over here, I just stare at https://github.com/CVEProject/cvelistV5 and mumble "any reasonable dev, front of mind".
-
On the uselessness of MITRE's CVE List
The issues I filed in the cvelistV5 repo are also unanswered, so I guess nobody gives a damn.
-
Rage about CVE dataset quality(?)
118955 entries don't even have an affected vendor/product software field, and neither with a valid version string and/or condition. They only contain plaintext descriptions and no version matching field either. Filed an issue here about it.
What are some alternatives?
yara - The pattern matching swiss knife
opencve - CVE Alerting Platform
reversinglabs-yara-rules - ReversingLabs YARA Rules
maccarone - AI-managed code blocks in Python ⏪⏩
signature-base - YARA signature and IOC database for my scanners and tools
cve-schema - This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.
hazedumper - up to date csgo offsets and hazedumper config
gsd-tools - Global Security Database Tools
Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
cvelist - Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
pyHanko - pyHanko: sign and stamp PDF files
Veil - Veil 3.1.X (Check version info in Veil at runtime)