PLASMA
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
What is the 'file scanning framework'? Network defenders should be empowered to drive capabilities forward how they see fit. This is the philosophy upon which, FSF was designed. FSF is a modular, recursive file scanning solution. FSF enables analysts to extend the utility of the Yara signatures they write and define actionable intelligence within a file. This is accomplished by recursively scanning a file and looking for opportunities to extract file objects using a combination of Yara signatures (to define opportunities) and programmable logic (to define what to do with the opportunity). The framework allows you to build out your intelligence capability by empowering you to apply observations wrought out of the analytical process… Okay that’s a mouthful – but think about it – if you see that some pattern (maybe a string or a byte sequence) that represents some concept or behavior; through the use of the framework, you are positioned to capture that observation and apply it to certain file types that meet your criteria. The goal being, to help extend the utility for observations from malware analysis and reverse engineering efforts.
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
Code to prevent a managed .NET debugger/profiler from working.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
A new age tool for binary analysis that uses statistical visualizations to help find patterns in large amounts of binary data.
KLara is a distributed system written in Python that helps Threat Intelligence researchers hunt for new malware using Yara.
YARA is a tool for identifying and classifying malware samples based on textual or binary patterns.