Project Icewater
This project provides open-source YARA rules for the detection of malware and malicious files. The anti-virus industry prefers names for a threat. This is my attempt to publish signatures as numbers. Since I find the naming of threats to be confusing and misleading I am attempting to locate threats in a phase-space so that their relationships can be measured, visualized and scientifically described. Each YARA signature in this archive is organized by a prefix and a 64 bit integer. The prefix is an index into file size and file type while the suffix is a 64 bit coordinate in a multi dimensional hyper space. Within a prefix, edit distance may be used to understand how two clusters relate to each other. The Starting Problem The basis of this research and this contribution to internet security is the idea of the Starting Problem which derives itself from Turing complete machines halting problem documented by Allen Turing in 1936. The staring problem I am defining thus: Knowing if a program should be allowed to run without running the program. My solution is to run about 4% of programs and by running them infer if the other 96% should be allowed to run. Icewater is the
FEATURES
SIMILAR TOOLS
Guide on emulating Raspberry Pi with QEMU and exploring Arm TrustZone research.
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
Repository of YARA rules for Trellix ATR blogposts and investigations
A Unix-based tool that scans for rootkits and other malware on a system, providing a detailed report of the scan results.
A collaborative malware analysis framework with various features for automated analysis tasks.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.