File Scanning Framework (FSF) v1.1 Logo

File Scanning Framework (FSF) v1.1

0
Free
Visit Website

What is the 'file scanning framework'? Network defenders should be empowered to drive capabilities forward how they see fit. This is the philosophy upon which, FSF was designed. FSF is a modular, recursive file scanning solution. FSF enables analysts to extend the utility of the Yara signatures they write and define actionable intelligence within a file. This is accomplished by recursively scanning a file and looking for opportunities to extract file objects using a combination of Yara signatures (to define opportunities) and programmable logic (to define what to do with the opportunity). The framework allows you to build out your intelligence capability by empowering you to apply observations wrought out of the analytical process… Okay that’s a mouthful – but think about it – if you see that some pattern (maybe a string or a byte sequence) that represents some concept or behavior; through the use of the framework, you are positioned to capture that observation and apply it to certain file types that meet your criteria. The goal being, to help extend the utility for observations from malware analysis and reverse engineering efforts.

FEATURES

ALTERNATIVES

A tutorial on setting up a virtual ARM environment, reversing ARM binaries, and writing basic exploits for ARM using the trafman challenge of rwthCTF as an example.

A Linux process injection tool that injects shellcode into a running process

A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz

A project providing open-source YARA rules for malware and malicious file detection

RetDec is a versatile machine-code decompiler with support for various file formats and architectures.

A tool for reverse engineering Android apk files.

YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.

A multithreaded YARA scanner for incident response or malware zoos.