Home
Vishal Thakur edited this page Aug 24, 2023 · 4 revisions
Vovk is a WinDbg extension (plugin) that can be used to create YARA rules. More on Vovk below.
Vovk is a dynamic analysis framework that can be used as a module with the debugger (WinDbg). Vovk consists of a DLL (the extension), built using both the WdbgExts and DbgEng frameworks, and an executable (EXE) that creates the actual ruleset. Because Vovk runs as part of the debugger, the YARA rules it creates are based on 'dynamic' analysis, i.e. on the 'unpacked malware' as it exists in memory at runtime rather than on the packed file on disk. The resulting rules are very accurate and specific to the files being analysed.
Full post on Medium: https://malienist.medium.com/vovk-advanced-yara-rule-generator-3dff64e31fbb