| | flare-floss | capa |
|---|---|---|
| Mentions | 4 | 2 |
| Stars | 3,016 | 3,854 |
| Growth | 2.6% | 3.5% |
| Activity | 9.3 | 9.8 |
| Latest commit | 7 days ago | 5 days ago |
| Language | Python | Python |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
flare-floss
- Why is this decompiled code showing a different value in memory sometimes?
Depending on how clever the developer was, this tool works well to find hidden strings: https://github.com/mandiant/flare-floss
- Static Analysis Research - Windows PE
Recently, I decided to delve a little bit more into static analysis, something beyond just running strings on a binary and getting the ASCII characters that are printable. I decided to take a deep look at how FLOSS is working and possibly recreate some of its functionality in my own tool.
- How can you tell if someone gets into your machine and exfiltrates data? KRÉTA story spin-off
- Installed Kaspersky today, Trojan.Win32.Hosts2.gen detected. Malwarebytes and Windows Defender didn't detect it before. False positive?
capa
- N00bs Night Malware RE Workshop with @c3rb3ru5d3d53c (OALABS)
Python3 Environment Basics For IDA Pro (Windows): https://www.patreon.com/posts/python3-basics-58467121
Hexcopy (save a click): https://github.com/OALabs/hexcopy-ida
HashDB: https://github.com/OALabs/hashdb-ida
Flare-IDA: https://github.com/mandiant/flare-ida
Capa: https://github.com/mandiant/capa
Capa Rules: https://github.com/mandiant/capa-rules
BinDiff: https://www.youtube.com/watch?v=BLBjcZe-C3I
- How to analyze malicious PDF?
You can detonate it into a VM running an instance of Cuckoo Sandbox. If you want to go the extra mile, you can dump the memory of said VM and analyse it with Volatility Framework. Also, if you want to quickly identify behavioural patterns in executable code, you can use Mandiant's CAPA tool (though idk if it works on .pdfs).
What are some alternatives?
yara - The pattern matching swiss knife
capa-rules - Standard collection of rules for capa: the tool for enumerating the capabilities of programs
gsoc - NumFOCUS Google Summer of Code Materials
flare-ida - IDA Pro utilities from FLARE team
flare-fakenet-ng - FakeNet-NG - Next Generation Dynamic Network Analysis Tool
drakvuf-sandbox - DRAKVUF Sandbox - automated hypervisor-level malware analysis system
win32-shellcode - Win32 Shellcode CheatSheet: Your visual guide for crafting and understanding shellcode. Ideal for malware, and exploit developers
hashdb-ida - HashDB API hash lookup plugin for IDA Pro
pytextcodifier - :package: Turn your text files into codified images or your codified images into text files.
STrace - A DTrace on Windows Reimplementation
peresources
hexcopy-ida - IDA plugin for quickly copying disassembly as encoded hex bytes