File Scanning Framework (FSF) v1.1
What is the 'file scanning framework'? Network defenders should be empowered to drive capabilities forward how they see fit. This is the philosophy upon which, FSF was designed. FSF is a modular, recursive file scanning solution. FSF enables analysts to extend the utility of the Yara signatures they write and define actionable intelligence within a file. This is accomplished by recursively scanning a file and looking for opportunities to extract file objects using a combination of Yara signatures (to define opportunities) and programmable logic (to define what to do with the opportunity). The framework allows you to build out your intelligence capability by empowering you to apply observations wrought out of the analytical process… Okay that’s a mouthful – but think about it – if you see that some pattern (maybe a string or a byte sequence) that represents some concept or behavior; through the use of the framework, you are positioned to capture that observation and apply it to certain file types that meet your criteria. The goal being, to help extend the utility for observations from malware analysis and reverse engineering efforts.
FEATURES
ALTERNATIVES
Fernflower is an analytical decompiler for Java with command-line options and support for external classes.
Yaraprocessor allows for scanning data streams in unique ways and dynamic scanning of payloads from network packet captures.
Ropper is a tool for analyzing binary files and searching for gadgets to build rop chains for different architectures.
A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.
An advanced cross-platform tool for detecting and exploiting SQL injection security flaws
A Go library for manipulating YARA rulesets with the ability to programatically change metadata, rule names, and more.
Identifies 137 malicious npm packages and gathers system information to a remote server.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.