Binsequencer is intended to scan a corpus of similar malware (family/campaign/like-tools) and build a YARA rule that will detect similar sections of code. Specifically, each file will be analyzed and have their data abstracted into sequences of x86 instruction sets. These sets are then used in a sliding window to find commonality across the entire sample corpus. Upon finding an acceptable match, the application will attempt various methods of techniques to create a YARA match moving most specific to least. In the least specific matching, it will convert the matched instruction sets into a series of x86 opcodes, surrounded by wildcards, for usage in a YARA rule. There are a couple of options to adjust the minimum length of the instruction set, but 25 has proven to be fairly reliable while testing samples. If you go too low, you'll start matching more samples that may be unrelated. You can also choose how many matches you want to use for your YARA rule and the application will attempt to find unique instruction sets. Additionally, while the script is intended to be run on x86 PE files, you can instruct it to run on non-PE (JAR/PDF/etc) files or just about any other type of file.
FEATURES
ALTERNATIVES
A curated list of open-source projects containing protestware sourced from various platforms.
A portable version of XSSHunter.com for finding and exploiting Cross-Site Scripting (XSS) vulnerabilities.
Valkyrie is a sophisticated file verdict system that enhances malware detection through behavioral analysis and extensive file feature examination.
A collection of reverse engineering challenges covering a wide range of topics and difficulty levels.
Studying Android malware behaviors through Information Flow monitoring techniques.
An online hash checker utility that retrieves information from various online sources, including Virustotal, HybridAnalysis, and more.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.