IceBuddha

IceBuddha was a project to see how far I could take the capabilities of a web front-end as a UI. It is a hex viewer and generic binary file parser that runs entirely browser-side, and it is hosted entirely on GitHub Pages. When you drag and drop a file onto it, the file is loaded locally into memory (it is never uploaded anywhere).

It parses files by reading Python code that you can edit in your browser. That Python code is run through Skulpt to convert it to JavaScript (again, all in your browser). Using this Python/JavaScript file description, it parses the binary file and presents a UI for viewing the resulting data, including color coding of the different structures. The UI also features an infinite-scroll view that only loads the hex data for the portion of the file in the viewing area, while properly maintaining the scroll bar position so it doesn't lurch and jump around like most infinite scrolls do (e.g. Twitter).

Source code


SlopFinder

SlopFinder is sort of a sub-project of IceBuddha. You can drag and drop entire folders into SlopFinder and it will parse any executable files (in the browser) to determine whether they were compiled with DEP and ASLR. See this post for a description of how I used it to check some common Windows apps.
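As an added example (not SlopFinder's or IceBuddha's own code), the following JavaScript shows the kind of in-browser header parsing both projects rely on: it walks the DOS, COFF and optional headers of a PE image held in memory and reports whether the NX_COMPAT (DEP) and DYNAMIC_BASE (ASLR) bits are set in DllCharacteristics. The flag values and header offsets come from the PE/COFF specification; the function names, the builder that fabricates a minimal sample header, and the extra relocations-stripped check are this example's own assumptions.

```javascript
// Added example: inspect a PE image's DllCharacteristics for DEP (NX_COMPAT)
// and ASLR (DYNAMIC_BASE) entirely from an in-memory buffer. Function names
// and the sample image are constructed for this illustration; they are not
// SlopFinder's own code.

// Flag values from the PE/COFF specification.
const IMAGE_FILE_RELOCS_STRIPPED = 0x0001;              // COFF Characteristics
const IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020; // 64-bit ASLR
const IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040;   // ASLR opt-in
const IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100;      // DEP opt-in
const PE32_MAGIC = 0x10b;
const PE32PLUS_MAGIC = 0x20b;

// Parse the headers of a PE image held in a Uint8Array and report its
// exploit-mitigation flags. Throws on anything that is not a PE image.
function inspectPeMitigations(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  if (bytes.byteLength < 0x40 || view.getUint16(0, true) !== 0x5a4d) {
    throw new Error('not a DOS/PE image (missing MZ signature)');
  }
  const peOffset = view.getUint32(0x3c, true);            // e_lfanew
  if (peOffset + 24 > bytes.byteLength || view.getUint32(peOffset, true) !== 0x00004550) {
    throw new Error('missing PE\\0\\0 signature');
  }
  const coff = peOffset + 4;                              // 20-byte COFF header
  const optSize = view.getUint16(coff + 16, true);        // SizeOfOptionalHeader
  const characteristics = view.getUint16(coff + 18, true);
  const opt = coff + 20;                                  // optional header start
  if (optSize < 72 || opt + optSize > bytes.byteLength) {
    throw new Error('optional header too short to carry DllCharacteristics');
  }
  const magic = view.getUint16(opt, true);
  if (magic !== PE32_MAGIC && magic !== PE32PLUS_MAGIC) {
    throw new Error('unknown optional header magic 0x' + magic.toString(16));
  }
  // DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
  const dllChars = view.getUint16(opt + 70, true);
  const relocsStripped = (characteristics & IMAGE_FILE_RELOCS_STRIPPED) !== 0;
  const dynamicBase = (dllChars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) !== 0;
  return {
    format: magic === PE32PLUS_MAGIC ? 'PE32+' : 'PE32',
    dep: (dllChars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) !== 0,
    // The loader cannot rebase an image whose relocations were stripped,
    // so DYNAMIC_BASE alone is not enough for effective ASLR.
    aslr: dynamicBase && !relocsStripped,
    dynamicBase,
    relocsStripped,
    highEntropyVa: magic === PE32PLUS_MAGIC &&
      (dllChars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA) !== 0,
  };
}

// Build a constructed, minimal PE header (no sections) so the parser can be
// exercised offline. This is test scaffolding, not a loadable executable.
function buildSamplePe({ pe32plus, characteristics, dllCharacteristics }) {
  const peOffset = 0x40;
  const optSize = pe32plus ? 240 : 224;
  const bytes = new Uint8Array(peOffset + 24 + optSize);
  const view = new DataView(bytes.buffer);
  view.setUint16(0, 0x5a4d, true);                         // 'MZ'
  view.setUint32(0x3c, peOffset, true);                    // e_lfanew
  view.setUint32(peOffset, 0x00004550, true);              // 'PE\0\0'
  const coff = peOffset + 4;
  view.setUint16(coff, pe32plus ? 0x8664 : 0x014c, true);  // Machine
  view.setUint16(coff + 16, optSize, true);                // SizeOfOptionalHeader
  view.setUint16(coff + 18, characteristics, true);        // Characteristics
  const opt = coff + 20;
  view.setUint16(opt, pe32plus ? PE32PLUS_MAGIC : PE32_MAGIC, true);
  view.setUint16(opt + 70, dllCharacteristics, true);      // DllCharacteristics
  return bytes;
}

// Browser-side helper: read a dropped File locally, then inspect it.
// (Uses the File API, so it is not exercised under Node.)
async function inspectDroppedFile(file) {
  const buffer = await file.arrayBuffer();
  return inspectPeMitigations(new Uint8Array(buffer));
}

// Stand-alone demo on a constructed PE32+ header with DEP, ASLR and high-entropy VA set.
console.log(inspectPeMitigations(buildSamplePe({
  pe32plus: true, characteristics: 0x0022, dllCharacteristics: 0x0160,
})));
```

The relocations caveat is the check a practitioner would want on top of the two flags: an image can carry DYNAMIC_BASE yet have IMAGE_FILE_RELOCS_STRIPPED set in the COFF header, in which case the loader cannot rebase it, so the example reports `aslr` only when both conditions hold. In the browser, `inspectDroppedFile` reads the dropped `File` with `arrayBuffer()` and hands the bytes to the same parser, so nothing leaves the machine.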


OpenHIPS

OpenHIPS (Open-source Host Intrusion Prevention System) was mostly just an excuse to play with YARA back when it first came out, to play with C# code, and to make a complete Windows application. The concept is that a DLL is loaded into different processes on the system, and periodically this DLL scans the memory of those processes using YARA signatures to look for known shellcode. This is not a super smart idea as it will have performance issues and isn't a great protection idea anyway. But anyway, the project is cool because it's a complete Windows app:
  • The project should run on all versions of Windows from 2000 to Windows 7, both 32-bit and 64-bit.
  • C# code for a simple GUI, accessible from a Windows tray icon, and a Windows service.
  • At the time, it was the only YARA compilation for Windows as a library and also as 64-bit code.
  • A related blog post I wrote for this project was the only resource showing how to write YARA rules for shellcode, and one of the few resources anywhere at the time on how to use YARA.
  • The only example of WiX code at the time for showing an actual complete installer that does anything beyond just writing files to a specific directory.

See this post for more info.

Source code