8 dépôts
Searching for specific byte sequences within executable files and documents.
Distinguishing note: None of the candidates cover general binary byte-sequence matching; they focus on domain names or generic data structures.
Explore 8 awesome GitHub repositories matching security & cryptography · Binary Pattern Matching. Refine with filters or upvote what's useful.
YARA is a pattern matching engine and binary analysis tool used to identify and classify malware samples. It functions as a malware research framework that allows for the definition of file descriptions and detection rules to find indicators of compromise within binaries. The system enables the creation of custom detection rules using strings, wildcards, and regular expressions. These rules use boolean logic to match textual or binary patterns, allowing for the classification of files into specific malware families and the automation of threat intelligence. The engine utilizes Aho-Corasick s
Searches through executable files for specific byte sequences to identify software versions or hidden threats.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Identifies obfuscation tools by scanning binary headers and metadata for known byte-sequence signatures.
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Identifies protection tools by matching specific byte patterns within binary metadata.
The Rust RFCs repository is the formal home for the Rust language evolution process, housing the structured design documents and community review mechanisms that govern changes to the Rust programming language, its compiler, and its standard library. It defines the complete lifecycle for proposing, discussing, and implementing substantial changes through RFC documents, from initial submission and community feedback through final comment periods and sub-team sign-offs. The repository codifies the governance and collaboration processes that shape Rust's development, including mechanisms for com
Enables pattern matching on byte arrays using byte literal syntax in match expressions.
This project is a community-curated repository of YARA rules used to detect malware, webshells, and other malicious patterns in files. It serves as a dataset of signatures for identifying known malware families, software packers, and threat intelligence indicators. The collection provides specialized detection capabilities for identifying exploit kits and anti-analysis evasion techniques, such as anti-debugging and anti-virtualization methods. It also includes signatures for cryptographic algorithm detection and the identification of unauthorized remote administration tools on servers. The r
Provides signatures for searching specific byte sequences within executable files and documents to identify malware.
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Scans process heap and mapped memory regions for Dalvik Executable magic bytes and structural markers using pattern-based search.
pyinstxtractor is a PyInstaller executable unpacker and Python bytecode recovery tool. It functions as a helper for decompiling compiled Python binaries by extracting bundled binaries and bytecode from executables created with PyInstaller. The project includes a bytecode decryptor to remove encryption from extracted files and a header repair tool that restores corrupted headers. These capabilities ensure that extracted compiled files are compatible with bytecode decompilation software. The utility covers reverse engineering of Python applications, supporting malware analysis workflows throug
Searches for specific byte sequences in executables to identify the boundaries of embedded files.
Flare-floss is a security utility and static binary string extractor designed to uncover hidden text and configuration data within compiled binaries. It functions as an obfuscated string decoder and reverse engineering tool to translate encoded strings into readable text for security auditing. The project employs emulated execution to capture the decrypted state of strings in memory by running small chunks of binary code in a virtual CPU. It further utilizes static analysis disassembly, intermediate representation analysis, and heuristic-based pattern matching to identify and decode strings t
Scans binary data for specific byte sequences and opcodes to identify obfuscated string routines.