a-ray-grass Logo

a-ray-grass

0
Free
Visit Website

a-ray-grass is a YARA module that provides support for DCSO format bloom filters in YARA. In the context of hashlookup, it allows quickly discard known files 'pour séparer le grain de l'ivraie'. Installation: - Copy the folder libyara/fleur in libyara - Copy the folder libyara/modules/araygrass in libyara/modules - Modify libyara/Makefile.am - Add modules/araygrass/araygrass.c to the MODULES variable - Add fleur/fnv.c and fleur/fleur.c to the libyara_la_SOURCES variable - Modify /libyara/modules/module_list - Append MODULE(araygrass) at the end of the file - Finally modify libyara/modules/araygrass/araygrass.c There you will find two paths defined: - BF_PATH_IN: specify here the path to your input bloom filter, the filter against which variables will be checked - BF_PATH_OUT: specify here the path where you wish to save the modified bloom filter after YARA finished its execution. It can be left empty if no modifications are made to the filter. It's totally ok to set the same path for both variables. Compilation: - Go back to YARA's root folder and make

FEATURES

ALTERNATIVES

A minimal, consistent API for building integrations with malware sandboxes

PINCE is a front-end/reverse engineering tool for the GNU Project Debugger (GDB), focused on games, with CheatEngine-like value type support and memory searching capabilities.

A library for checking potentially malicious files and archives using YARA and making a decision about their harmfulness.

A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.

A framework for reverse engineering Flutter apps with modified Flutter library for dynamic analysis and traffic monitoring.

Tool for fingerprinting malware HTTP requests.

A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.

A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.

PINNED