Halogen is a tool to automate the creation of yara rules based on the image files embedded within a malicious document. This can assist cyber security professionals in writing detection rules for malicious threats as well as help responders in identifying with particular threat they are dealing with. Currently, Halogen is able to create rules based on JPG and PNG files. Usage: halogen.py [-h] [-f FILE] [-d DIR] [-n NAME] [--png-idat] [--jpg-sos] [--jpg-sof2sos] [--jpg-jump] [-c CONTAINER] [--clam] [--rprefix RPREFIX] Halogen: Automatically create yara rules based on images embedded in office documents. Optional arguments: -h, --help show this help message and exit -f FILE, --file FILE File to parse -d DIR, --directory DIR directory to scan for image files. -n NAME, --rule-name NAME specify a custom name for the rule file --png-idat For PNG matches, instead of starting with the PNG file header, start with the IDAT chunk. --jpg-sos For JPG matches, skip over the header and look for the Start of Scan marker, and begin the match there. --jpg-sof2sos for JPG matches, skip over the header and match the SOF all the way to the SOS + 45 bytes of the data
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
Scan files or process memory for Cobalt Strike beacons and parse their configuration.
A minimalistic Java library for representing threat model data in a normalized way and automating threat intelligence extraction.
Create deceptive webpages to deceive and redirect attackers away from real websites by cloning them.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A list of most queried domains based on passive DNS usage across the Umbrella global network.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.