Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32
Welcome to FLARE-VM, a collection of software installation scripts for Windows systems that lets you easily set up and maintain a reverse engineering environment on a virtual machine (VM). FLARE-VM was designed to solve the problem of reverse engineering tool curation and relies on two main technologies: Chocolatey and Boxstarter. Chocolatey is a Windows-based NuGet package management system, where a 'package' is essentially a ZIP file containing PowerShell installation scripts that download and configure a specific tool. Boxstarter leverages Chocolatey packages to automate the installation of software and create repeatable, scripted Windows environments.

Requirements:
- FLARE-VM should ONLY be installed on a virtual machine.
- The VM should satisfy the following requirements:
  - Windows >= 10
  - PowerShell >= 5
  - Disk capacity of at least 60 GB and memory of at least 2 GB
  - Usernames without spaces or other special characters
  - Internet connection
  - Tamper Protection and any Anti-Malware solution (e.g., Windows Defender) disabled, preferably via Group Policy
  - Windows Updates disabled

Installation instructions: This section documents the steps to install FLARE-VM.
A tool that generates Yara rules from training data using logistic regression and random forest classifiers.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Guide on emulating Raspberry Pi with QEMU and exploring Arm TrustZone research.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.