base64_substring
A tool for malware analysts to search through base64-encoded samples and generate YARA rules.
Revoke-Obfuscation is a PowerShell obfuscation detection framework compatible with PowerShell v3.0+. It was designed to highlight the limitations of a purely signature-based approach to detecting attackers' usage of PowerShell. It provides a new, scalable means of generically detecting both known and unknown obfuscation techniques.
Authors: Daniel Bohannon (@danielhbohannon), Lee Holmes (@Lee_Holmes)
Research Blog Post: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html
White Paper: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/revoke-obfuscation-report.pdf
A tool that executes programs in memory from various sources.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
A collection of publicly available YARA rules for detecting and classifying malware.
A disassembly framework with support for multiple hardware architectures and clean API.
A tool to find XSS vulnerabilities in web applications.