ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor ProcFilter's response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and do not require a reboot.

ProcFilter's intended use is for malware analysts to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions. Designed to be easy to adopt, ProcFilter's integration with Git and the Event Log minimizes the need for additional tools or infrastructure to deploy rules or gather results.

ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems.

Installers: ProcFilter x86/x64 Release/Debug Installers

Note: Unpatched Windows 7 systems require hotfix 3033929 to load the driver component.
SIMILAR TOOLS
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
ZoomEye is an advanced cyberspace search engine that provides detailed information on cyberspace assets, including server software and version information, for cybersecurity experts, researchers, and enterprises.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.
A nonprofit security organization that collects and shares threat data to make the Internet more secure.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
VirusTotal API v3 is a threat intelligence platform for scanning files, URLs, and IP addresses, and retrieving reports on threat reputation and context.
A comprehensive Threat Intelligence Program Management Solution for managing the entire CTI lifecycle.