ProcFilter
ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and does not require a reboot. ProcFilter's intended use is for malware analysts to be able to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions. Designed to be easy to adopt, ProcFilter's integration with Git and Event Log minimize the need for additional tools or infrastructure to deploy rules or gather results. ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems. Installers ProcFilter x86/x64 Release/Debug Installers Note: Unpatched Windows 7 systems require hotfix 3033929 to load the driver component.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
The FASTEST Way to Consume Threat Intelligence and make it actionable.
A list of most queried domains based on passive DNS usage across the Umbrella global network.
Silobreaker is an intelligence platform that processes unstructured data from open and dark web sources to support cyber threat intelligence, vulnerability management, and risk assessment workflows.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
NECOMA focuses on data collection, threat analysis, and developing new cyberdefense mechanisms to protect infrastructure and endpoints.
A repository to aid Windows threat hunters in looking for common artifacts.
Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.