Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ XPR-dump Public

Helper scripts to automate the extraction of YARA rules from XProtectRemediators

22 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ald3ns/XPR-dump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
notes
notes
 
 
output
output
 
 
rules
rules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
setup.sh
setup.sh
 
 
xpr-dump.py
xpr-dump.py
 
 

Repository files navigation

XPR-dump

This repo contains all the supporting material for this blog post: https://alden.io/posts/secrets-of-xprotect/.

Keep in mind that if you don't have a commercial Binary Ninja license, you won't be able to run the extractor headlessly. You can still run it from within the app via File > Run Script....

Repo Structure

Files

  • setup.sh: a helper script to copy the remediators and perform extraction
  • xpr-dump.py: a binaryninja script to dump the strings from an XPR

Folders

  • /rules: all the cleaned YARA rules
  • /output: the raw output from string decryption
  • /notes: a collection of notes about a subset of the YARA rules

About

Helper scripts to automate the extraction of YARA rules from XProtectRemediators

Resources

Readme
Activity

Stars

22 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages