AIL framework – Framework for Analysis of Information Leaks

AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine or process sensitive information (e.g. data leak prevention). Features Modular architecture to handle streams of unstructured […]

DECAF – Dynamic Executable Code Analysis Framework

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. DECAF++ In DECAF++, the new version of DECAF, taint analysis is around 2X faster, making it, to the best of our knowledge, the fastest whole-system dynamic taint analysis framework. This results in much better usability, imposing only 4% overhead […]

XSpear: Powerful XSS Scanning and Parameter Analysis tool

XSpear is an XSS scanner distributed as a Ruby gem with tons of features for exploiting XSS. Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser (with Selenium) Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testing Blind XSS (with […]

PHPStan – PHP Static Analysis Tool

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line. Prerequisites […]

AMIRA – Automated Malware Incident Response & Analysis

AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All: the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket, running the Analyze Filter and then uploading […]

Data breach in clinical analysis company Quest Diagnostics; 12M affected users

Information security audit specialists reported a data breach incident in the major clinical company Quest Diagnostics that occurred last Monday; according to the company, an unauthorized actor obtained access to the records (including medical and financial data) of nearly 12 million of the company’s clients. The news of the incident began to spread after Quest […]

Automated Malware Analysis in the Cloud

Cybercriminals execute malware attacks using many different attack vectors and methods. The number of malware strains is increasing at an unprecedented rate, and hence malware analysis today is not an easy job. In the present context, automated malware analysis is a necessity. Let’s discuss today the different aspects of automated malware analysis in the […]

Static Malware Analysis Vs Dynamic Malware Analysis

Malware Analysis: An Introduction Cybercriminals are becoming more sophisticated and innovative, new and advanced varieties of malware are appearing, and malware detection is turning out to be a real challenge. Malware analysis, which involves analyzing the origin, the functionalities and the potential impact of any malware sample, is of key importance as regards cybersecurity […]

CANalyzat0r – Security Analysis Toolkit For Proprietary Car Protocols

This software project is the result of a Bachelor’s thesis created at SCHUTZWERK in collaboration with Aalen University by Philipp Schmied. Please refer to the corresponding blog post for more information. Why another CAN tool? Built from scratch with new ideas for analysis mechanisms Bundles features of many other tools in one place Modular and extensible: […]

Malboxes: Builds malware analysis Windows VMs

Malboxes is a tool to streamline and simplify the creation and management of virtual machines used for malware analysis. Building analysis machines is a tedious task. One must have all the proper tools installed on a VM, such as a specific version of vulnerable software (i.e. Flash), Sysinternals tools, debuggers (WinDbg), network traffic analyzers (Wireshark), […]

PA Toolkit – A Collection Of Traffic Analysis Plugins Focused On Security

PA Toolkit is a collection of traffic analysis plugins that extend the functionality of Wireshark from a micro-analysis tool and protocol dissector to a macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including: WiFi (WiFi network summary, detecting beacon and deauth floods, etc.) HTTP (Listing […]

stoQ – An Open Source Framework For Enterprise Level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It gives analysts and DevSecOps teams the ability to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed to be enterprise ready and scalable, while also being lean […]

stoQ – Open Source Framework for Enterprise level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It gives analysts and DevSecOps teams the ability to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks. It was designed to be enterprise-ready and scalable, while also being lean enough […]

Dawnscanner – Dawn Is A Static Analysis Security Scanner For Ruby Written Web Applications (Sinatra, Padrino And ROR Frameworks)

dawnscanner is a source code scanner designed to review your Ruby code for security issues. dawnscanner is able to scan plain Ruby scripts (e.g. command line applications), but all its features are unleashed when dealing with web application source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks out of the box: […]

AI-Powered Online Automated Malware Analysis Platform

Looking for automated malware analysis software? Something like a 1-click solution that doesn’t require any installation or configuration… a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at the Black Hat conference launch a revolutionary machine learning and […]

Vba2Graph – Generate Call Graphs From VBA Code, For Easier Analysis Of Malicious Documents

A tool for security researchers who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potentially malicious keywords highlighted. Allows for quick analysis of malicious macros and easy understanding of the execution flow. @MalwareCantFly Features Keyword highlighting VBA Properties support External function declaration support Tricky macros with “_Change” execution triggers Fancy […]

Manticore – Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation: Manticore automatically generates inputs that trigger unique code paths Crash Discovery: Manticore discovers inputs that crash programs via memory safety violations Execution Tracing: Manticore records an instruction-level trace of execution […]

Docker-Inurlbr – Advanced Search In Search Engines, Enables Analysis Provided To Exploit GET / POST Capturing Emails & Urls

Advanced search in search engines; enables analysis provided to exploit GET / POST, capturing emails & URLs, with an internal custom validation junction for each target / URL found. How to build git clone https://github.com/gmdutra/docker-inurlbr.git cd docker-inurlbr docker build -t gmdutra/inurlbr . Run docker run --name inurlbr -it -d gmdutra/inurlbr -h --help Alternative long length […]

Frida-Wshook – Script Analysis Tool Based On Frida.re

frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files that are run using WScript/CScript. The tool intercepts Windows API functions and doesn’t implement function stubs or proxies within the targeted scripting language. This allows it to support analyzing a few different script types, such […]