mkYARA
Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code that can change between samples. mkYARA aims to automate this part of writing rules by generating executable code signatures that wildcard all these little pieces of executable code that are not static. Installation is as easy as installing the pip package. pip install mkyara Usage: import codecs from capstone import CS_ARCH_X86, CS_MODE_32 from mkyara import YaraGenerator gen = YaraGenerator("normal", CS_ARCH_X86, CS_MODE_32) gen.add_chunk(b"\x90\x90\x90", offset=1000) gen.add_chunk(codecs.decode("6830800000E896FEFFFFC3", "hex"), offset=0x100) gen.add_chunk(b"\x90\x90\x90\xFF\xD7", is_data=True) rule = gen.generate_rule() rule_str = rule.get_rule_string() print(rule_str) Standalone Tool: mkYARA comes with a standalone tool that is cross platform, as in, it can create signatures for Windows binaries running under Linux. Usage: mkyara [-h] [-i {x86}
FEATURES
ALTERNATIVES
A Burp Suite plugin for automatically adding XSS and SQL payload to fuzz
Binary analysis and management framework for organizing malware and exploit samples.
PLASMA is an interactive disassembler with support for various architectures and formats, offering a Python API for scripting.
A project providing open-source YARA rules for malware and malicious file detection
A de-obfuscator for M/o/Vfuscator, a notorious obfuscator, designed to reverse the effects of M/o/Vfuscator's obfuscation.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.