Rusty Hog
A suite of secret scanners built in Rust for performance.
This is the java code implementing the AutoYara algorithm, from our paper Automatic Yara Rule Generation Using Biclustering. Given a set of input files that belong to a given malware family, AutoYara can create Yara rules from the input samples. Our testing indicates it can be successful with as few as 2 sample files, and can achieve very low false positive rates. The goal is to help analysts that need to create rules to weed out the easy families first, so that they can work on the samples that do not yield to automation. This is research code, and comes with no warranty or support. Quick Start: You can download a pre-built binary of AutoYara from the release tab. If you have Java 11 (or greater) installed, you can get started by using the -i flag and providing a path to a file. If you give a folder, files will be selected from that folder recursively. Multiple files/paths can be specified using multiple -i arguments. java -jar AutoYara.jar -i ~/family_dataset/test/azero/ The final output will be written to the current directory. If you want to change the output directory or output file name, you can use --out /path/to/name.yara to change that. Unless you run on a few hun
A suite of secret scanners built in Rust for performance.
A backend agnostic debugger frontend for debugging binaries without source code access.
FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Collection of malware persistence information and techniques
Exploiting a vulnerability in HID iClass system to retrieve master authentication key for cloning cards and changing reader settings.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.