YaraHunter
YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware. It uses a YARA ruleset to identify resources that match known malware signatures, and may indicate that the container or filesystem has been compromised. YaraHunter can be used in the following ways: - At build-and-test: scan build artifacts in the CI/CD pipeline, reporting on possible indicators of malware - At rest: scan local container images, for example, before they are deployed, to verify they do not contain malware - At runtime: scan running docker containers, for example, if you observe unusual network traffic or CPU activity - Against filesystems: at any time, YaraHunter can scan local filesystems for indicators of compromise Key capabilities: - Scan running and at-rest containers - Scan filesystems - Scan during CI/CD build operations Run anywhere: highly-portable, docker container form factor Designed for automation: easy-to-deploy, easy-to-parse JSON output YaraHunter is a work-in-progress (check the Roadmap and issues list), and will be integrated into the ThreatMapper threat discovery platform. We welcome any contributions to help improve this tool.
FEATURES
ALTERNATIVES
A command-line utility for examining Objective-C runtime information in Mach-O files and generating class declarations.
A tool that generates Yara rules for strings and their XOR encoded versions, as well as base64-encoded variations with different padding possibilities.
YARA extension for Visual Studio Code with code completion and snippets
Collection of Python scripts for automating tasks and enhancing IDA Pro functionality
Assembler/disassembler for the dex format used by Dalvik, Android's Java VM implementation.
GuardDog is a CLI tool for identifying malicious PyPI and npm packages through heuristics and Semgrep rules.
A tool for translating Dalvik bytecode to equivalent Java bytecode, allowing Java analysis tools to analyze Android applications.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.