Search Results for "yara"
Sort By:
Showing 18 open source projects for "yara"
View related business solutions-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
Earn up to 16% annual interest with Nexo.Generate interest, access liquidity without selling, and execute trades seamlessly. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
1
YARA
The pattern matching swiss knife for malware researchers
...If you plan to use YARA to scan compressed files (.zip, .tar, etc) you should take a look at yextend, a very helpful extension to YARA developed and open-sourced by Bayshore Networks. -
2
MemProcFS Analyzer
Automated Forensic Analysis of Windows Memory Dumps for DFIR
MemProcFS-Analyzer is a forensic analysis toolset that builds on the MemProcFS virtual filesystem to make volatile memory artefacts easier to browse and interpret. By exposing process memory, kernel objects, and derived artifacts as regular files, the framework lets analysts use familiar filesystem operations and standard tools (editors, grep, diff) to explore memory snapshots. The Analyzer layer adds higher-level parsing and extraction routines—for example, carving strings, locating... -
3
ImHex
A Hex Editor for Reverse Engineers, Programmers
ImHex is a Hex Editor, a tool to display, decode and analyze binary data to reverse engineer their format, extract informations or patch values in them. What makes ImHex special is that it has many advanced features that can often only be found in paid applications. Such features are a completely custom binary template and pattern language to decode and highlight structures in the data, a graphical node-based data processor to pre-process values before they're displayed, a disassembler,... -
4
IntelOwl
Centralized platform for automated threat intelligence analysis
...The system features a modular architecture built around plugins that allow new analyzers, connectors, and integrations to be added easily. These plugins can collect data from external intelligence platforms or generate insights using internal analysis tools such as YARA or static malware analyzers. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
GRR
GRR Rapid Response, remote live forensics for incident response
GRR Rapid Response is an incident response framework focused on remote live forensics. It consists of a python client (agent) that is installed on target systems, and python server infrastructure that can manage and talk to clients. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR client is deployed on systems that one might want to investigate. On every such system, once... -
6
HydraDragonAntivirus
Windows antivirus gui for ClamAV, YARA and my machine learning
It's no longer cross platform please switch to github repo -
7
Elkeid
Open source solution that can meet the requirements of workloads
Elkeid is an open-source platform for security and intrusion-detection that aims to support a wide variety of deployment contexts — from bare-metal hosts to containers, Kubernetes clusters, and even serverless environments. It was born out of ByteDance’s internal security best practices, offering for community users a subset of its enterprise-grade capabilities. Elkeid combines kernel-level data collection, user-space agents, and runtime instrumentation (RASP) to detect malicious behavior,... -
8
optiSCAN
Scanner antivirus gratuit (ClamAV + YARA) pour Windows
🛡️ optiSCAN — Antivirus gratuit pour Windows 10/11 Scanner antivirus combinant ClamAV (GPL-2.0) et les règles YARA-Forge pour détecter virus, malwares et comportements suspects. Interface Material Design, entièrement en français et en Anglais. Fonctionnalités : - Analyse à la demande — fichiers, dossiers ou disque entier - Clic droit dans l'Explorateur Windows pour scanner instantanément - Mise en quarantaine et nettoyage des menaces - Mises à jour automatiques des signatures ClamAV et YARA - Ajouter le dossier optiSCAN manuellement comme exclu de l'analyse après installation - Export PDF des rapports d'analyse - Aucun compte requis — aucune publicité — aucune télémétrie Prérequis : Windows 10 (v1809+) ou Windows 11 · .NET 8 Desktop Runtime Licence : Freeware — usage personnel et redistribution à l'identique autorisés. ... -
9
A professional PE (Portable Executable) analysis and modification tool for Windows executables and DLLs.
-
Build Securely on AWS with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
10
HydraDragonAntivirus
Open Source Antivirus/XDR for Windows operating system
Dynamic and static analysis with Real Time Malware Analysis with Antivirus for Windows, including open-source XDR (3 EDR projects), ClamAV, YARA-X, machine learning AI, behavioral analysis, Unpacker, Deobfuscator, Decompiler, website signatures, Ghidra, Suricata, Sigma, Kernel, Hypervisior based protection and much more than you can imagine. -
11
DeepBlueCLI
PowerShell Module for Threat Hunting via Windows Event Logs
DeepBlueCLI is a PowerShell-centric threat-hunting toolkit built to extract, normalize, and flag suspicious activity from Windows event logs and Sysmon telemetry. It parses common sources—including Windows Security, System, Application, PowerShell logs, and Sysmon event ID 1—then applies a rich set of detection heuristics for things like suspicious account changes, password guessing and spraying, service tampering, PowerShell obfuscation and download-string usage, long or unusual command... -
12
IDA Signsrch
IDA Pro plug-in of Luigi Auriemma's signsrch signature matching tool.
IDA Pro plug-in conversion of Luigi Auriemma's signsrch signature matching tool. * Deprecated, will no longer be updated, please see my use my superior YARA for IDA plugin here: https://github.com/kweatherman/yara4ida * July 2018, updated to IDA 7.1 Luigi's original signsrch description: "Tool for searching signatures inside files, extremely useful as help in reversing jobs like figuring or having an initial idea of what encryption/- compression algorithm is used for a proprietary protocol or file. ... -
13
Detekt
Malware triaging tool
Detekt is a free Python tool that scans your Windows computer (using Yara, Volatility and Winpmem) for traces of malware. Specifically, it can detect the presence of pre-defined patterns which are unique identifiers of commercial surveillance spyware FinFisher FinSpy and HackingTeam RCS. Note however, that Detekt may not be able to detect the most recent versions of those malware families. They may have been updated or have other versions not detected by this tool. -
14
PhishBlock
A program that detects and blocks phishing, pharming, Hacker's C&C.
PhishBlock is a security program that detects and blocks Phishing, Pharming, Hacker’s C&C(Command and Control) Servers which are located in databases with URLs, DNS hostnames, and IP Addresses. This program detects and blocks Malware URLs, bad Hosts, and bad IP addresses. Recently, most malware codes are delivered covertly to users’ personal computers through Google ads, SNS, Blogs, BBS and so on, which users visit often. And After the malware codes connect the C&C server(or... -
15
HoneyDrive
Honeypots in a box! HoneyDrive is the premier honeypot bundle distro.
HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients and more. Additionally it includes many useful pre-configured scripts and utilities to... -
16
-
17
Yara is a fast, embeddable RSS aggregator and parser. It is written in C++ and exposes a very simple API in C.
-
18
TraceTree
TraceTree - Runtime behavioral analysis tool that maps the process cas
...It sandboxes packages inside Docker, attaches strace to capture every syscall, and builds a directed graph of the full process cascade: every file touched, every network call made, every child process spawned. That graph gets fed into a RandomForest classifier trained on real malware samples, plus YARA rules and n-gram syscall pattern matching, to flag behavioral signatures that static scanners and install-time checks completely miss. The output is a SARIF report you can pipe directly into your security toolchain. TraceTree also includes a dedicated MCP server security module, because as AI agents proliferate, MCP servers have become a live attack surface that nobody was watching. ...
- Previous
- You're on page 1
- Next
