refinery
High Octane Triage Analysis
In fcc36d8aa9bebf779a07d7363359fa01dc3a684b, I added some extremely weak PowerShell support; this was improved slightly in 504f0155ad6f91536085e27f63f4d178af9591ab. The main issues are the following:
1. https://github.com/PowerShell/PowerShell/issues/1908
2. https://github.com/PowerShell/PowerShell/issues/559
Our current [workaround](https://github.com/binref/refinery/blob/master/refinery/lib/powershell.py#L161-L173) is to:...
* General typos (to => too, of => if, a a => a, ...).
* Open compounds are normally not hyphenated (side-effect => side effect).
* Some other phrases are...
### Specification
It is possible to weaponize .chm files but binref can't extract these files. There is a python lib [PyCHM](https://github.com/dottedmag/pychm/tree/master) but this is just a wrapper for this c...
`vstack` unit fails to execute on binref installations with Python 3.12 due to failed Unicorn import
### Description
When running the `vstack` unit on an installation of Binary Refinery in a Python virtual environment running Python 3.12, I kept seeing the following error: `failure in...`
As per #61, it might be useful to have `xtnsis` provide a synthetic file that represents the setup script bytecode.
This issue tracks https://github.com/lief-project/LIEF/issues/1110, which is currently the main blocker for switching completely to LIEF as our executable parsing abstraction layer. This would replace 3 dependencies, some of them rather...
While [the tests pass](https://github.com/binref/refinery/actions/runs/19538352987/job/55937917687), it looks like upgrading to unicorn 2.1.4 caused a lot of exceptions to be thrown in the Windows runner environment. This is reported upstream as https://github.com/unicorn-engine/unicorn/issues/2264.
We currently require `peekpdf
The goal of this issue is to implement unpacking of RAR archives in refinery.
> [!WARNING]
> RAR unpacking is highly complex. The format defines its own virtual machine, similar...
The LZMS mode for MS compression: https://github.com/binref/refinery/blob/6b5332f350882b753f23205dd0946e47688d3f48/refinery/units/compression/mscf.py#L29 is not currently implemented: https://github.com/binref/refinery/blob/6b5332f350882b753f23205dd0946e47688d3f48/refinery/units/compression/mscf.py#L145 I have not yet come across a malware sample that uses this, though, so this remains a low...