ConventionEngine is a collection of Yara rules looking for PEs with PDB paths that have unique, unusual, or overtly malicious-looking keywords, terms, or other features. For further reading on the context, please see the @FireEye blog series on the subject. Keywords = string words used by malware developers to organize files, folders and code projects, often describing the functionality of the malware. Terms = string words that show up in paths as a result of operating system, software, or user behavior, often indicating that the developer is riding solo or that code project is not being developed for a "enterprise" software product. Anomalies = Other things that are less common but are suspicious or indicative of various behaviors. See also here: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/definitive_dossier_pdb_yara_appendix.pdf
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A sandbox for quickly sandboxing known or unknown families of Android Malware
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.