yara-python
Loki
yara-python | Loki | |
---|---|---|
1 | 12 | |
623 | 3,248 | |
0.6% | - | |
6.7 | 5.7 | |
about 1 month ago | 2 months ago | |
C | Python | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yara-python
-
Pros and Cons of Rust for Cybersecurity
But, due to the young ecosystem, Rust isn't often the best choice for the 2nd category. There are exceptions: while working on a ROP exploitation CLI tool, I was surprised to find the top 3 fastest x86-64 disassemblers are all written in Rust. But other languages just have more mature security ecosystems. Python in particular has some amazing libraries like scapy and bindings for yara.
Loki
-
My Boss Downloaded and Opened a .lnk File and Installed a Malware in His Device
You should run a tool like loki for ioc scanning. This will identify persistence https://github.com/Neo23x0/Loki
-
Deep system malware detection
Link to Loki is here just in case you need it. https://github.com/Neo23x0/Loki
-
What are some of the most frequently used (or favorite) tools in your toolbox?
Loki - YARA/IOC scanner
-
PChunter equivalent on Linux?
loki
- Rage about CVE dataset quality(?)
-
Cybersecurity professionals - what’s your “toolkit”/process to check a desktop PC is clean (or infected), before concluding that a reinstall of the OS is needed?
https://github.com/Neo23x0/Loki is a good tool to check for the presence of anomalies.
-
Which rootkit scanner to use in a could environment ?
Nextron Thor Scanner
-
Proxyshell Vulnerability is Actively used in Exchange servers
Loki - Yara Scanning is recommended for checking the webshell https://github.com/Neo23x0/Loki
-
Question about spyware
I am not an expert, but this is what I would start by doing. Ideally, if you can read javascript, try and understand what the tampermonkey script does. If you still have script, you could try analysing it with tools such as loki. Even if loki doesnt match it you could compute the sha256 signature and look it up on valhalla.
- Is it possible to write an antivirus in python?
What are some alternatives?
signature-base - YARA signature and IOC database for my scanners and tools
yara - The pattern matching swiss knife
awesome-yara - A curated list of awesome YARA rules, tools, and people.
reversinglabs-yara-rules - ReversingLabs YARA Rules
a-ray-grass - a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly discard known files "pour séparer le grain de l'ivraie"
scapy - Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
hazedumper - up to date csgo offsets and hazedumper config
xgadget - Fast, parallel, cross-variant ROP/JOP gadget search for x86/x64 binaries.
Veil-Evasion - Veil Evasion is no longer supported, use Veil 3.0!
pyHanko - pyHanko: sign and stamp PDF files