ConventionEngine
0
Free
ConventionEngine is a collection of Yara rules looking for PEs with PDB paths that have unique, unusual, or overtly malicious-looking keywords, terms, or other features. For further reading on the context, please see the @FireEye blog series on the subject. Keywords = string words used by malware developers to organize files, folders and code projects, often describing the functionality of the malware. Terms = string words that show up in paths as a result of operating system, software, or user behavior, often indicating that the developer is riding solo or that code project is not being developed for a "enterprise" software product. Anomalies = Other things that are less common but are suspicious or indicative of various behaviors. See also here: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/definitive_dossier_pdb_yara_appendix.pdf
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
Binary Ninja is an interactive decompiler, disassembler, debugger, and binary analysis platform with a focus on automation and a clean GUI.
Free
Binary analysis and management framework for organizing malware and exploit samples.
Free
Kaitai Struct is a declarative language for describing binary data structures.
Free
A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases
Free
Interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features
Free
A semi-automatic tool to generate YARA rules from virus samples.
Free
A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.
Free
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security