Security Training Share
idenLib – Library Function Identification When analyzing malware or 3rd party software, it’s challenging to identify statically linked libraries and to understand what a function from the library is doing. idenLib.exe is a tool...
box.js A utility to analyze malicious JavaScript. Installation Simply install box-js from npm: npm install box-js –global Usage Looking to use box-js with Cuckoo? Use cuckoo-package.py as an analysis package. Let’s say you have a sample...
MISP – Malware Information Sharing Platform and Threat Sharing MISP, Malware Information Sharing Platform, and Threat Sharing is an open source software solution for collecting, storing, distributing and sharing cybersecurity indicators and threat about...
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything...
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps a variety of implants within the...
mpDNS aka multi-purpose DNS Server DNS Server with multiple useful features Should work on Python 2 and 3 names.db -> holds all custom records (see examples) Simple wildcards like *.example.com Catch unicode dns requests...
commando-vm CommandoVM – a fully customized, Windows-based security distribution for penetration testing and red teaming. Installed Tools Active Directory Tools Remote Server Administration Tools (RSAT) SQL Server Command Line Utilities Sysinternals Command & Control...
Cmulator – Scriptable x86 RE Sandbox Emulator Cmulator is ( x86 – x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries Based on Unicorn & Capstone Engine & javascript. Supported Architectures:...
Sigma Generic Signature Format for SIEM Systems What is Sigma? Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is...
Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running Docker containers for detecting anomalous activities....
Mitaka Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool. It works as a Chrome extension and it makes possible to search / scan IOC via the context menu. Features Supported IOC...
pcodedmp.py – A VBA p-code disassembler It is not widely known, but macros are written in VBA (Visual Basic for Applications; the macro programming language used in Microsoft Office) exist in three different executable...
DECAF DECAF(short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension...
MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In...
