Explores malware interaction with Windows API and methods for detection and prevention.
findcrypt-yara is an IDA Pro plugin that helps find crypto constants and more. To install it, make sure the yara-python package is installed with pip, and store custom rule files in the designated directory for your operating system.
A powerful tool for detecting and identifying malware using a rule-based system.
A software reverse engineering framework with full-featured analysis tools and support for multiple platforms, instruction sets, and executable formats.
Collection of malware persistence information and techniques.
Yara mode for GNU Emacs, for editing Yara-related files.
Repository of scripts, signatures, and IOCs related to various malware analysis topics.