Security Training Share
malscan ClamAV-based malware scanner for Linux web servers. malscan is a scanning platform for Linux servers that simplifies keeping your web servers secure and malware-free. It is built upon the ClamAV platform, providing all...
rosenbridge Overview project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel)...
What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and...
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom...
Altprobe Altprobe is a component of the Alertflex project, it has functional of a collector according to SIEM/Log Management terminologies. In tandem with Alertflex controller (see AlertflexCtrl repository on this GitHub profile), Altprobe can...
MISP – Malware Information Sharing Platform and Threat Sharing MISP, Malware Information Sharing Platform, and Threat Sharing is an open source software solution for collecting, storing, distributing and sharing cybersecurity indicators and threat about...
Cmulator – Scriptable x86 RE Sandbox Emulator Cmulator is ( x86 – x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries Based on Unicorn & Capstone Engine & javascript. Supported Architectures:...
CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to...
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything...
tknk_scanner The original code of a malware must be scanned using YARA rules after processing with a debugger (or other means) to account for obfuscated malware binaries. This is a complicated process and requires...
Malwoverview Important aspect: Malwoverview does NOT submit samples to VT. It submits only hashes, so respecting Non-Disclosure Agreements (NDAs). Malwoverview.py is a simple tool to perform an initial and quick triage on a directory...
Loki – Simple IOC Scanner Scanner for Simple Indicators of Compromise Detection is based on four detection methods: File Name IOC Regex match on full file path/name Yara Rule Check Yara signature match on...
Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running Docker containers for detecting anomalous activities....
PE-sieve scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE. When found, it dumps the modified PE. Currently, it detects inline hooks, hollowed processes, Process Doppelgänging etc....
