IceBuddha was a project to see how far I could take the capabilities of a web front-end as a UI. It is a hex viewer and generic binary file parser that runs entirely browser-side, and it is hosted entirely on GitHub Pages. When you drag and drop a file onto it, the file is loaded locally into memory; it is never uploaded anywhere.
SlopFinder is sort of a sub-project of IceBuddha. You can drag and drop entire folders into SlopFinder and it will parse any executable files (in the browser) to determine whether they were compiled with DEP and ASLR. See this post for a description of how I used it to check some common Windows apps.
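The check SlopFinder performs comes down to reading two header fields of each PE file: the DllCharacteristics word in the optional header (NX_COMPAT for DEP, DYNAMIC_BASE for ASLR) and the RELOCS_STRIPPED bit in the COFF file header, which defeats ASLR even when DYNAMIC_BASE is set. The following is an added example of that check, written for this page rather than taken from SlopFinder or IceBuddha; the function and constant names are my own, and `buildFakePeHeader` constructs a minimal synthetic header purely so the parser can be exercised offline.

```javascript
// Added example: browser-side PE header inspection for DEP/ASLR opt-in.
// Operates on an ArrayBuffer, so it can be fed from a drag-and-drop File
// (file.arrayBuffer()) in the browser or from a Buffer in Node.
// Not SlopFinder's own code; names below are this example's assumptions.

const IMAGE_DOS_SIGNATURE = 0x5a4d;                  // "MZ"
const IMAGE_NT_SIGNATURE = 0x00004550;               // "PE\0\0"
const IMAGE_FILE_RELOCS_STRIPPED = 0x0001;           // COFF Characteristics
const IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020;
const IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040; // ASLR opt-in
const IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100;    // DEP opt-in

// Parse the PE headers and report the mitigation flags. Throws on anything
// that is not a well-formed PE header so callers can skip non-executables.
function parsePeMitigations(buffer) {
  const view = new DataView(buffer);
  if (view.byteLength < 0x40 || view.getUint16(0, true) !== IMAGE_DOS_SIGNATURE) {
    throw new Error("not a PE file: missing MZ header");
  }
  const peOffset = view.getUint32(0x3c, true); // e_lfanew
  // 4-byte signature + 20-byte COFF header + 72 bytes of optional header
  // are needed to reach DllCharacteristics (offset 70 in both PE32 and PE32+).
  if (peOffset + 24 + 72 > view.byteLength ||
      view.getUint32(peOffset, true) !== IMAGE_NT_SIGNATURE) {
    throw new Error("not a PE file: missing PE signature or truncated headers");
  }
  const sizeOfOptionalHeader = view.getUint16(peOffset + 20, true);
  const fileCharacteristics = view.getUint16(peOffset + 22, true);
  if (sizeOfOptionalHeader < 72) {
    throw new Error("optional header too small to carry DllCharacteristics");
  }
  const optOffset = peOffset + 24;
  const magic = view.getUint16(optOffset, true);
  const is64 = magic === 0x20b;                     // PE32+ vs PE32 (0x10b)
  if (!is64 && magic !== 0x10b) {
    throw new Error(`unknown optional header magic 0x${magic.toString(16)}`);
  }
  const dllCharacteristics = view.getUint16(optOffset + 70, true);
  const dynamicBaseFlag = (dllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) !== 0;
  const relocsStripped = (fileCharacteristics & IMAGE_FILE_RELOCS_STRIPPED) !== 0;
  return {
    is64,
    dep: (dllCharacteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) !== 0,
    // DYNAMIC_BASE only helps if the loader can actually relocate the image.
    aslr: dynamicBaseFlag && !relocsStripped,
    dynamicBaseFlag,
    relocsStripped,
    highEntropyVa: is64 && (dllCharacteristics & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA) !== 0,
  };
}

// One-line summary suitable for a results table in the page.
function describeMitigations(name, result) {
  return `${name}: ${result.is64 ? "x64" : "x86"} DEP=${result.dep ? "yes" : "no"} ` +
    `ASLR=${result.aslr ? "yes" : result.dynamicBaseFlag ? "no (relocs stripped)" : "no"}`;
}

// Constructed test input: a minimal MZ/PE header with the chosen flag bits.
// This is not a real executable; only the fields the parser reads are filled in.
function buildFakePeHeader({ is64 = false, dllCharacteristics = 0, fileCharacteristics = 0 } = {}) {
  const peOffset = 0x80;
  const buf = new ArrayBuffer(peOffset + 24 + 96);
  const v = new DataView(buf);
  v.setUint16(0, IMAGE_DOS_SIGNATURE, true);
  v.setUint32(0x3c, peOffset, true);
  v.setUint32(peOffset, IMAGE_NT_SIGNATURE, true);
  v.setUint16(peOffset + 4, is64 ? 0x8664 : 0x14c, true);   // Machine
  v.setUint16(peOffset + 20, is64 ? 240 : 224, true);       // SizeOfOptionalHeader
  v.setUint16(peOffset + 22, fileCharacteristics, true);    // Characteristics
  v.setUint16(peOffset + 24, is64 ? 0x20b : 0x10b, true);   // Magic
  v.setUint16(peOffset + 24 + 70, dllCharacteristics, true); // DllCharacteristics
  return buf;
}

// Stand-alone demo on the constructed headers.
const demo = buildFakePeHeader({ dllCharacteristics: 0x0140 });
console.log(describeMitigations("demo.exe", parsePeMitigations(demo)));
```

In the browser the same function plugs into a drop handler as `file.arrayBuffer().then(parsePeMitigations)`, and the thrown errors are what let a folder scan silently skip text files and other non-PE content. The RELOCS_STRIPPED check is the caveat worth keeping: a binary can carry DYNAMIC_BASE and still load at a fixed address if its relocation table was discarded at link time.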
OpenHIPS (Open-source Host Intrusion Prevention System) was mostly just an excuse to play with YARA back when it first came out, to write some C# code, and to build a complete Windows application. The concept is that a DLL is loaded into different processes on the system, and this DLL periodically scans the memory of those processes with YARA signatures to look for known shellcode. This is not a particularly smart idea: it has performance issues and isn't a great protection mechanism anyway. But the project is cool because it's a complete Windows app:
- The project should run on all versions of Windows from 2000 to Windows 7, both 32-bit and 64-bit.
- C# code for a simple GUI, accessible from a Windows tray icon, and a Windows service.
- At the time, it was the only YARA compilation for Windows as a library and also as 64-bit code.
- A related blog post I wrote for this project was the only resource showing how to write YARA rules for shellcode, and one of the few resources anywhere at the time on how to use YARA at all.
- The only example of WiX code at the time showing a complete installer that does anything beyond just writing files to a specific directory.
See this post for more info.