Project Icewater Logo

Project Icewater

0
Free
Visit Website

This project provides open-source YARA rules for the detection of malware and malicious files. The anti-virus industry prefers names for a threat. This is my attempt to publish signatures as numbers. Since I find the naming of threats to be confusing and misleading I am attempting to locate threats in a phase-space so that their relationships can be measured, visualized and scientifically described. Each YARA signature in this archive is organized by a prefix and a 64 bit integer. The prefix is an index into file size and file type while the suffix is a 64 bit coordinate in a multi dimensional hyper space. Within a prefix, edit distance may be used to understand how two clusters relate to each other. The Starting Problem The basis of this research and this contribution to internet security is the idea of the Starting Problem which derives itself from Turing complete machines halting problem documented by Allen Turing in 1936. The staring problem I am defining thus: Knowing if a program should be allowed to run without running the program. My solution is to run about 4% of programs and by running them infer if the other 96% should be allowed to run. Icewater is the

FEATURES

ALTERNATIVES

A debugger tool for reverse engineers, crackers, and security analysts, with a user-friendly debugging UI and custom agent support.

YARA rules for ProcFilter to detect malware and threats

Multi-cloud antivirus scanning API with CLAMAV and YARA support for AWS S3, Azure Blob Storage, and GCP Cloud Storage.

A library for running basic functions from stripped binaries cross platform.

YARA syntax highlighting for Gtk-based text editors

A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.

A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.

A tool that scans a corpus of malware and builds a YARA rule to detect similar code sections.