ProcFilter Logo

ProcFilter

0
Free
Visit Website

ProcFilter is a process filtering system for Windows with built-in YARA integration. YARA rules can be instrumented with custom meta tags that tailor its response to rule matches. It runs as a Windows service and is integrated with Microsoft's ETW API, making results viewable in the Windows Event Log. Installation, activation, and removal can be done dynamically and does not require a reboot. ProcFilter's intended use is for malware analysts to be able to create YARA signatures that protect their Windows environments against a specific threat. It does not include a large signature set. Think lightweight, precise, and targeted rather than broad or all-encompassing. ProcFilter is also intended for use in controlled analysis environments where custom plugins can perform artifact-specific actions. Designed to be easy to adopt, ProcFilter's integration with Git and Event Log minimize the need for additional tools or infrastructure to deploy rules or gather results. ProcFilter is compatible with Windows 7+ and Windows Server 2008+ systems. Installers ProcFilter x86/x64 Release/Debug Installers Note: Unpatched Windows 7 systems require hotfix 3033929 to load the driver component.

FEATURES

ALTERNATIVES

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

Repository of Yara signatures for detecting targeted attacks on civil society organizations

LOKI is a simple IOC and YARA Scanner for Indicators of Compromise Detection.

RiskAnalytics Solutions offers community projects for cyber threat intelligence sharing and collaboration.

Tool for visualizing correspondences between YARA ruleset and samples

Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.

A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.

A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.

PINNED