FLARE-VM
FLARE-VM is a collection of software installation scripts for Windows systems designed for setting up and maintaining a reverse engineering environment on a virtual machine.
This project provides open-source YARA rules for the detection of malware and malicious files. The anti-virus industry prefers names for a threat. This is my attempt to publish signatures as numbers. Since I find the naming of threats to be confusing and misleading I am attempting to locate threats in a phase-space so that their relationships can be measured, visualized and scientifically described. Each YARA signature in this archive is organized by a prefix and a 64 bit integer. The prefix is an index into file size and file type while the suffix is a 64 bit coordinate in a multi dimensional hyper space. Within a prefix, edit distance may be used to understand how two clusters relate to each other. The Starting Problem The basis of this research and this contribution to internet security is the idea of the Starting Problem which derives itself from Turing complete machines halting problem documented by Allen Turing in 1936. The staring problem I am defining thus: Knowing if a program should be allowed to run without running the program. My solution is to run about 4% of programs and by running them infer if the other 96% should be allowed to run. Icewater is the
FLARE-VM is a collection of software installation scripts for Windows systems designed for setting up and maintaining a reverse engineering environment on a virtual machine.
YARA module for supporting DCSO format bloom filters with hashlookup capabilities.
TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.
A blog post discussing INF-SCT fetch and execute techniques for bypass, evasion, and persistence
OCaml wrapper for YARA matching engine for malware identification
A tool designed to handle archive file data and augment Yara's capabilities.