Uncategorized
- All Things Symantec - This post contains information on my research into Symantec Endpoint Protection logs, quarantine, and ccSubSDK files. Content will be updated regularly.
- ERNW WHITEPAPER 71 - Analysis of antivirus software quarantine files
Windows Defender
- commial/experiments - windows-defender/ASR - This repository tries to describe what the rules are and what they actually check. ASR is implemented in Lua scripts, but the Lua engine has been modified, so the scripts must first be converted with the included script into a format that luadec can disassemble.
- commial/experiments - windows-defender/VDM - Windows Defender's VDM Format
- roadwy/DefenderYara - Extracted Yara rules from Windows Defender mpavbase and mpasbase