468 Open source projects that are alternatives of or similar to yara-rules

Documentation for Zeek

Java-layer Android Malware Simplifier

Carve file metadata from NTFS index ($I30) attributes

A tool for forensic file system reconstruction.

YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.

A simple command-line script to interact with the virustotal-api

Static and dynamic Android application security analysis

Write-ups for FireEye's FLARE-On challenges

Hashes of infamous malware

Norimaci is a simple and lightweight malware analysis sandbox for macOS

Mapping NSM rules to MITRE ATT&CK

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management

ssdeep cluster analysis for malware files

A collection of malware samples caught by several honeypots i manage

OLE Package Format Documentation

《macOS软件安全与逆向分析》勘误

This is a python tool aiming to make using TheHive webhooks easier.

FinSpy for Android technical analysis and tools

DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.

Incident Response - Fast suspicious file finder

Windows driver with usermode interface which can hide objects of file-system and registry, protect processes and etc

Final project for the M.Sc. in Engineering in Computer Science at Università degli Studi di Roma "La Sapienza" (A.Y. 2016/2017).

A VBA parser and emulation engine to analyze malicious macros.

r2yara - Module for Yara using radare2 information

makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]

Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact))..

HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.

A collection of malware samples and relevant dissection information, most probably referenced from http://blog.inquest.net

whohk，linux下一款强大的应急响应工具 在linux下的应急响应往往需要通过繁琐的命令行来查看各个点的情况，有的时候还需要做一些格式处理，这对于linux下命令不是很熟悉的人比较不友好。本工具将linux下应急响应中常用的一些操作给集合了起来，并处理成了较为友好的格式，只需要通过一个参数就能代替繁琐复杂的命令来实现对各个点的检查。

Funnel is a lightweight yara-based feed scraper

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework

Android Reverse-Engineering Workbench for VS Code

Leaked Linux.Mirai Source Code for Research/IoC Development Purposes

One of the few malware collection

The PE file analysis toolkit

Various snippets created during malware analysis

Parses Windows event logs files based on SANS Poster

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

SSMA - Simple Static Malware Analyzer [This project is not maintained anymore by me]

JITM is an automated tool to bypass the JIT Hooking protection on a .NET sample.

DRAKVUF Sandbox - automated hypervisor-level malware analysis system

Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module

Personal research and publication on malware families

Digital Forensics Investigation Platform

This project is a SIEM with SIRP and Threat Intel, all in one.

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Timeline of Active Directory changes with replication metadata

Sandbox for semi-automatic Javascript malware analysis, deobfuscation and payload extraction. Written for Node.js

Browser extension adware (showHomebrewOverlayOuter)

Android security & privacy analysis for the masses

Capture passwords of login attempts on non-existent and disabled accounts.

A repo that contains recursive directory listings (using PowerShell) of a vanilla (clean) install of every Windows OS version to compare and see what's been added with each update.

Simple windows API logger

No description or website provided.

Cortex Analyzers Repository

A Simple PE File Heuristics Scanners

Recon Hunt Queries