GadgetProbe
0 (0)
A tool for identifying and analyzing Java serialized objects in network traffic
ConventionEngine is a collection of Yara rules looking for PEs with PDB paths that have unique, unusual, or overtly malicious-looking keywords, terms, or other features. For further reading on the context, please see the @FireEye blog series on the subject. Keywords = string words used by malware developers to organize files, folders and code projects, often describing the functionality of the malware. Terms = string words that show up in paths as a result of operating system, software, or user behavior, often indicating that the developer is riding solo or that code project is not being developed for a "enterprise" software product. Anomalies = Other things that are less common but are suspicious or indicative of various behaviors. See also here: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/definitive_dossier_pdb_yara_appendix.pdf
A tool for identifying and analyzing Java serialized objects in network traffic
Generate Yara rules from function basic blocks in x64dbg.
A library of PHP unserialize() payloads and a tool to generate them.
A program to manage yara ruleset in a database with support for different databases and configuration options.
Boomerang Decompiler is a machine code decompiler supporting various architectures and file formats, with a focus on high-level language output.
VxSig is a tool to automatically generate AV byte signatures from similar binaries.