Malware Research

ConventionEngine is a Yara rule collection that analyzes PE files by examining PDB paths for suspicious keywords, terms, and anomalies that may indicate malicious software.

A tool that generates pseudo-malicious files to trigger YARA rules.

InvalidSign is a security research tool that bypasses endpoint solutions by obtaining valid signed files with different hashes to evade signature-based detection mechanisms.

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.

A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.

A .Net wrapper library for the native Yara library with interoperability and portability features.

Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.

A strings statistics calculator for YARA rules to aid malware research.

A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.

A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.

StringSifter is a machine learning tool that automatically ranks strings extracted from malware samples based on their relevance for analysis.

A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.

FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.