Information Security
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek...
DRAKVUF Sandbox DRAKVUF Sandbox is an automated black-box malware analysis system with a DRAKVUF engine under the hood. This project provides you with a friendly web interface that allows you to upload suspicious files to...
Malwoverview Malwoverview.py is a first response tool to perform an initial and quick triage in a directory containing malware samples, specific malware samples, suspect URL and domains. Additionally, it allows us to download and...
EmoCheck Emotet detection tool for Windows OS. How EmoCheck detects Emotet (v0.0.1) Emotet generates their process name from a specific word dictionary and C drive serial number. EmoCheck scans the running process on the...
saferwall Saferwall is an open-source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generate an...
capa capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the...
Zelos Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of Zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are emulated to isolate the...
Mitaka Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool. It works as a Chrome extension and it makes it possible to search/scan IOC via the context menu. Features Supported IOC types...
IRMA: Incident Response & Malware Analysis IRMA is an asynchronous and customizable analysis system for suspicious files. This repository is a subproject of IRMA and contains the source code for IRMA’s Frontend, which is...
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything...
Suggested Reading