Skip to content
/ XPR-dump Public

Helper scripts to automate the extraction of YARA rules from XProtectRemediators

19 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ald3ns/XPR-dump

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ald3nsald3ns
Update setup.sh
Mar 5, 2024
510bf67 · Mar 5, 2024

History

13 Commits
notes
notes
Mar 5, 2024
output
output
Mar 5, 2024
rules
rules
Mar 5, 2024
.gitignore
.gitignore
Feb 26, 2024
README.md
README.md
Mar 5, 2024
setup.sh
setup.sh
Mar 5, 2024
xpr-dump.py
xpr-dump.py
Mar 5, 2024

Repository files navigation

XPR-dump

This repo contains all the supporting material for this blog post: https://alden.io/posts/secrets-of-xprotect/.

Keep in mind that if you don't have a commercial Binary Ninja license, you won't be able to run the extractor headlessly. You can still run it from within the app via File > Run Script....

Repo Structure

Files

  • setup.sh: a helper script to copy the remediators and perform extraction
  • xpr-dump.py: a binaryninja script to dump the strings from an XPR

Folders

  • /rules: all the cleaned YARA rules
  • /output: the raw output from string decryption
  • /notes: a collection of notes about a subset of the YARA rules

About

Helper scripts to automate the extraction of YARA rules from XProtectRemediators

Resources

Readme
Activity

Stars

19 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages