awesome-yara
Detect-It-Easy
Our great sponsors
awesome-yara | Detect-It-Easy | |
---|---|---|
7 | 18 | |
3,193 | 6,429 | |
2.8% | - | |
5.6 | 9.4 | |
20 days ago | 4 days ago | |
JavaScript | ||
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-yara
- Incorporating YARA Into Security Processes?
-
Cybersecurity Repositories
YARA
-
YARA Rules for Malware
Check out the myriad of resources available here: https://github.com/InQuest/awesome-yara
-
Identifying packers, crypters or protectors
A signature-based approach with YARA can work to fingerprint the specific software used to obfuscate the malware. A lot of YARA rules for a variety of purposes can be found here, and it might be useful to aggregate ones you care about into your own little detection pipeline.
-
What are the best FOSS YARA rules you would recommend to deploy?
https://github.com/InQuest/awesome-yara#rules
Detect-It-Easy
-
E-book piracy - a weird ZIP file
If it was me, I'd first run something like DIE on it (I have a few such programs installed)- https://github.com/horsicq/Detect-It-Easy
- How do I debug software that detaches as soon as I attach the debugger
- Detect It Easy 3.06 Program for determining types of files for Windows, Linux and MacOS.
-
Decompiling MPRESS packed Autohotkey scripts!
First to confirm suspicions we will download and launch Detect it easy and click THIS button and select your executable and it should say "MPRESS 2.19" right HERE, that's how you know it's an MPRESS packed executable
-
XMachOViewer 0.02 - MachO file viewer/editor for Windows, Linux and macOS.
Yes. :) this tool is Detect It Easy(DiE): https://github.com/horsicq/Detect-It-Easy
-
youtube-dl-gui - why is the Linux binary so big?
So I thought I'd take a closer look. Ran DiE on both binaries... the Windows one, except for the zlib overlay part is not compressed. Neither is the Linux one... but, it's not compressible... at least not with UPX.
-
Identifying packers, crypters or protectors
They use signatures. You can see the logic Detect-It-Easy uses to detect each tool by looking at the appropriate script https://github.com/horsicq/Detect-It-Easy/tree/master/db/PE
What are some alternatives?
drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
malware-ioc - Indicators of Compromises (IOC) of our various investigations
radare2 - UNIX-like reverse engineering framework and command-line toolset
x64dbg - An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Nauz-File-Detector - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
youtube-dl-gui - A cross platform front-end GUI of the popular youtube-dl written in wxPython.
signature-base - YARA signature and IOC database for my scanners and tools
flare-vm - A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
PEpper - An open source script to perform malware static analysis on Portable Executable
awesome-malware-analysis - Defund the Police.
yara - The pattern matching swiss knife
wt-tools - War Thunder resource extraction tools