
ConventionEngine
ConventionEngine: A Collection of Yara Rules
ConventionEngine is a set of Yara rules designed to identify Portable Executables (PEs) that contain PDB paths featuring unique, unusual, or clearly malicious keywords, terms, or other characteristics.
Further Reading
For background on PDB paths and how these rules were derived, see the @FireEye blog series on this topic.
Keywords = Strings that malware developers use to name files, folders, and code projects. They often describe the functionality of the malware.
Terms = Strings that appear in paths as a result of operating system, software, or user behavior. They often suggest that the developer is working independently, or that the code project is not being built as an "enterprise" software product.
Anomalies = Other, less common occurrences in a PDB path that may be suspicious or indicate various behaviors.
See also here: https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/definitive_dossier_pdb_yara_appendix.pdf
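The three categories above describe how a PDB path gets judged. The following is an added example, not ConventionEngine's own code or rule set: it locates CodeView "RSDS" records in raw bytes the way a Yara rule would, pulls out the NUL-terminated PDB path, and scores it against constructed keyword and term lists plus a few shape-based anomaly checks. The word lists, the anomaly heuristics, and the sample blob are all assumptions made for illustration; the real rules use their own curated lists.

```python
import re
import struct
import uuid
from dataclasses import dataclass, field

# Layout of the CodeView "RSDS" record a linker writes into a PE's debug data:
# 4-byte signature, 16-byte GUID, 4-byte age, then a NUL-terminated PDB path.
# The rules inspect that path; this regex finds it in raw bytes, as Yara would.
RSDS_RE = re.compile(
    rb"RSDS(?P<guid>.{16})(?P<age>.{4})(?P<path>[^\x00]{1,1024})\x00", re.DOTALL
)

# Constructed word lists for illustration only; NOT the project's rule content.
KEYWORDS = ("keylog", "inject", "bypass", "stealer", "backdoor", "dropper")
TERMS = ("\\users\\", "\\desktop\\", "\\downloads\\", "\\documents\\", "\\new folder\\")


@dataclass
class PdbVerdict:
    path: str
    keywords: list = field(default_factory=list)
    terms: list = field(default_factory=list)
    anomalies: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.keywords or self.terms or self.anomalies)


def extract_pdb_paths(data: bytes) -> list:
    """Return every PDB path found inside an RSDS record in `data`."""
    # latin-1 maps each byte to exactly one code point, so odd bytes never raise.
    return [m.group("path").decode("latin-1") for m in RSDS_RE.finditer(data)]


def classify_pdb_path(path: str) -> PdbVerdict:
    """Score one PDB path against the keyword, term and anomaly categories."""
    verdict = PdbVerdict(path=path)
    lowered = path.lower()
    verdict.keywords = [k for k in KEYWORDS if k in lowered]
    verdict.terms = [t for t in TERMS if t in lowered]
    # Anomalies (assumed heuristics): shapes a conventional build rarely produces.
    if not re.match(r"^[a-zA-Z]:\\", path):
        verdict.anomalies.append("no-drive-letter-prefix")
    if not path.isascii():
        verdict.anomalies.append("non-ascii-characters")
    if not lowered.endswith(".pdb"):
        verdict.anomalies.append("no-pdb-extension")
    if len(path) > 260:
        verdict.anomalies.append("exceeds-max-path")
    return verdict


def scan(data: bytes) -> list:
    """Extract and classify every PDB path in a binary blob."""
    return [classify_pdb_path(p) for p in extract_pdb_paths(data)]


def make_rsds_record(path: bytes, age: int = 1) -> bytes:
    """Build a synthetic RSDS record (constructed test data, not a real binary)."""
    guid = uuid.UUID("00000000-0000-0000-0000-000000000000").bytes
    return b"RSDS" + guid + struct.pack("<I", age) + path + b"\x00"


# Constructed sample standing in for a PE image: one path with a keyword and
# user-profile terms, one with non-ASCII characters in a directory name.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + make_rsds_record(rb"C:\Users\dev\Desktop\keylog\Release\keylog.pdb")
    + b"\x00" * 16
    + make_rsds_record("D:\\\u0431\u0438\u043b\u0434\\svc.pdb".encode("utf-8"))
)

if __name__ == "__main__":
    for v in scan(SAMPLE):
        status = "suspicious" if v.suspicious else "clean"
        print(f"{v.path!r} -> {status} kw={v.keywords} terms={v.terms} anomalies={v.anomalies}")
```

Searching raw bytes rather than walking the PE debug directory mirrors how Yara rules of this kind behave: they match wherever the record sits, including in packed or truncated files where the headers no longer point at it.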

