Generate Yara rules from function basic blocks in x64dbg.
GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata. GuardDog can be used to scan local or remote PyPI and npm packages using any of the available heuristics. Getting started: Installation: - pip install guarddog - Or use the Docker image: docker pull ghcr.io/datadog/guarddog - alias guarddog='docker run --rm ghcr.io/datadog/guarddog' Note: On Windows, the only supported installation method is Docker. Sample usage: - Scan the most recent version of the 'requests' package: guarddog pypi scan requests - Scan a specific version of the 'requests' package: guarddog pypi scan requests --version 2.28.1 - Scan the 'request' package using 2 specific heuristics: guarddog pypi scan requests --rules exec-base64 --rules code-execution - Scan the 'requests' package using all rules but one: guarddog pypi scan requests --exclude-rules exec-base64 - Scan a local package: guarddog pypi scan /tmp/triage.tar.gz - Scan a local directory, the packages need to be located in the root directory For instance you have several pypi packages in ./samples/ like: ./samples/package
Generate Yara rules from function basic blocks in x64dbg.
A native Python cross-version decompiler and fragment decompiler.
A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.
A de-obfuscator for M/o/Vfuscator, a notorious obfuscator, designed to reverse the effects of M/o/Vfuscator's obfuscation.
A collection of YARA rules for public use, built from intelligence profiles and file work.
Yara module for Node.js