PolyMorph tackles a modern blind spot in malware detection: polyglot binaries that are valid in multiple formats (APE, Zig, WASM) and intentionally crafted to evade AV/EDR. If you care about threat hunting, red-team tooling, or hardening supply chains, this repo is a compact, pragmatic tool for finding cross-platform threats and WASM cryptominers that slip past signature-based scanners.
What it does:
• Detects APE (Actually Portable Executable) polyglots that can run on multiple OSes, Zig-based evasive payloads that use direct syscalls, and malicious WASM modules (cryptomining & GPU abuse).
• Lightweight Rust implementation with YARA rules and CLI examples for batch and JSON output, designed for integration into pipelines and triage tooling.
• Goal: give analysts a first-pass detector that flags suspicious imports, cryptominer patterns, and multi-format trickery so you can prioritize deeper analysis.
Looking for feedback: would YC Cybersecurity folks and fellow infosec hackers be interested in integrating PolyMorph into threat-hunting stacks or extending it into a lightweight runtime sandbox for behavioral correlation?
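An added example (not PolyMorph's own code) of the multi-format check the post describes: a file is tested against several loader personalities instead of stopping at the first magic match, so a sample that is simultaneously a DOS/PE stub, a shell script and an ELF carrier is flagged as a polyglot. The APE (`MZqFpD=`), PE, ELF and WASM magic values are public format constants; the sample file and the personality names are constructed here.

```rust
// Added example, not PolyMorph's code. Classifies one byte buffer against
// several format "personalities" and flags the file when more than one
// loader would accept it.

/// Returns every format personality the buffer satisfies.
pub fn personalities(data: &[u8]) -> Vec<&'static str> {
    let mut found = Vec::new();
    // DOS/PE: "MZ" at offset 0, e_lfanew (u32 LE at 0x3C) points to "PE\0\0".
    if data.starts_with(b"MZ") {
        found.push("mz");
        if data.len() >= 0x40 {
            let off = u32::from_le_bytes([data[0x3C], data[0x3D], data[0x3E], data[0x3F]]) as usize;
            if let Some(end) = off.checked_add(4) {
                if data.get(off..end) == Some(&b"PE\0\0"[..]) {
                    found.push("pe");
                }
            }
        }
    }
    // APE: Cosmopolitan's header starts "MZqFpD=", so the same bytes are a DOS
    // stub for Windows and a variable assignment for a POSIX shell.
    if data.starts_with(b"MZqFpD=") {
        found.push("ape-shell");
    }
    // Embedded ELF header within the first 64 KiB (APE carries one for Unix).
    if data.windows(4).take(65536).any(|w| w == b"\x7fELF") {
        found.push("elf");
    }
    // WebAssembly module: "\0asm" followed by version 1.
    if data.starts_with(b"\0asm\x01\0\0\0") {
        found.push("wasm");
    }
    found
}

/// Polyglot heuristic: two or more distinct loaders would run this file.
pub fn is_polyglot(data: &[u8]) -> bool {
    let loaders = ["pe", "ape-shell", "elf", "wasm"];
    personalities(data).iter().filter(|x| loaders.contains(*x)).count() >= 2
}

/// Constructed APE-like sample (not a real binary): shell-style MZ header,
/// a PE signature at e_lfanew, and an ELF header further into the file.
pub fn sample_ape() -> Vec<u8> {
    let mut f = vec![0u8; 0x200];
    f[..8].copy_from_slice(b"MZqFpD='");
    f[0x3C..0x40].copy_from_slice(&0x80u32.to_le_bytes());
    f[0x80..0x84].copy_from_slice(b"PE\0\0");
    f[0x100..0x104].copy_from_slice(b"\x7fELF");
    f
}
```

A scanner that keys only on the first magic it recognises sees `sample_ape()` as a plain MZ stub; checking every personality is what surfaces the shell and ELF faces.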