Malware Analysis

Master of Puppets – Advanced Malware Tracking Framework

MoP (“Master of Puppets”) is an open source framework for reverse engineers who wish to create and operate trackers for new malware found in the wild for research purposes. To make it simple – the MoP framework takes care of all the generic malware tracker plumbing so the reverse engineer is left with pure reverse engineering […]

theZoo – A Live Malware Repository

theZoo is a project created to make malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible […]

BT3 – Blue Team Training Toolkit

Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level. The toolkit allows you to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. BT3 – Blue Team Training Toolkit Adversary […]

YARA – The Pattern Matching Swiss Knife

YARA is an open-source tool designed to help malware researchers identify and classify malware samples. It makes it possible to create descriptions (or rules) for malware families based on textual and/or binary patterns.

YARA in a nutshell

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware […]

Malicious – Malware Downloading Tool

Malicious is a malware downloading tool written in Python 2 that contains 70 scripts to exploit Android, Windows, macOS and Linux machines. Malicious Malware Software Install Malicious Malware on Termux $termux-setup-storage $cd /sdcard $pkg install git $pkg install python2 $pkg install ruby $gem install lolcat $git clone https://github.com/Hider5/Malicious $cd Malicious $pip2 install -r requirements.txt $python2 […]

REDasm: The Open Source Disassembler

REDasm is an interactive, multi-architecture disassembler written in modern C++11 using Qt5 as its UI framework. Its core is modular and can be easily extended to support new file formats and instruction sets. Formats & Assemblers Support: Formats: Portable Executable 32/64 bits; ELF Executable 32/64 bits, Little/Big endian; Sony PlayStation 1 Executable PsyQ […]

Ghidra – Free Reverse Engineering Tool Released by NSA

The NSA released Ghidra, a free reverse engineering tool for malware analysts, with an interactive GUI that runs on various platforms including Windows, macOS and Linux and supports a number of processor modules. Ghidra gives users the flexibility to create additional plug-in components and scripts using Java or Python. It helps in analyzing malicious […]

Malboxes: Builds malware analysis Windows VMs

Malboxes is a tool to streamline and simplify the creation and management of virtual machines used for malware analysis. Building analysis machines is a tedious task. One must have all the proper tools installed on a VM, such as a specific version of vulnerable software (i.e. Flash), Sysinternals tools, debuggers (WinDbg), network traffic analyzers (Wireshark), […]

Flawfinder v2.0.7 – Searches through C/C++ source code looking for potential security flaws

To run flawfinder, simply give flawfinder a list of directories or files. For each directory given, all files that have C/C++ filename extensions in that directory (and its subdirectories, recursively) will be examined. Thus, for most projects, simply give flawfinder the name of the source code’s topmost directory (use ‘.’ for the current directory), and […]

CAPE: Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware reverse engineering and threat intelligence. […]

FLOSS – Automatically extract obfuscated strings from Malware

The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. You can use it just like strings.exe to enhance basic static analysis of unknown binaries. Rather than heavily protecting backdoors with heavyweight packers, many malware authors evade heuristic detections by obfuscating only key portions of an […]

Maltrail – Malicious Traffic Detection System

Maltrail is a malicious traffic detection system that utilizes publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists. A trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. http://109.162.38.120/harsh02.exe for a known malicious executable), or an IP address (e.g. 185.130.5.231 for […]

PEframe – Tool To Perform Static Analysis On Malware

PEframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious files. It can help malware researchers detect packers, XOR obfuscation, digital signatures, mutexes, anti-debug and anti-virtual-machine tricks, suspicious sections and functions, and much more information about the suspicious files. Requirements: Python 2.7.x Installation: To install from PyPI: # […]

ProcDOT – Visual Malware Analysis

There are plenty of tools for behavioral malware analysis. The de facto standard ones, though, are Sysinternals’ Process Monitor (also known as Procmon) and PCAP-generating network sniffers like WinDump, tcpdump, Wireshark, and the like. These “two” tools cover almost everything a malware analyst might be interested in when doing behavioral malware analysis. But there’s a […]

FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response & penetration testing

FLARE VM is the first freely available, open-source Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, […]

Malware Analysis Tools and Cheat list

A large number of computer intrusions involve some form of malicious software (malware), which finds its way to the victim’s workstation or to a server. When investigating the incident, the IT responder typically seeks to answer questions such as: What actions can the malware specimen perform on the system? How does it spread? How, if […]

CodeWarrior – Code Analysis Tool And Static Analysis Tool

Just another manual code analysis tool and static analysis tool. CodeWarrior runs as an HTTPd with TLS and follows the KISS principle ( https://en.wikipedia.org/wiki/KISS_principle ). Directories: web/ = JavaScript, HTML and CSS sources; src/ = C source code, which talks to the web socket; eggs/ = external modules that search code using regexes; conf/whitelist.conf = list […]