Malware Analysis / Reverse Engineering
by do son · Published June 13, 2019 · Last modified March 29, 2020
Simplify Simplify virtually executes an app to understand its behavior and then tries to optimize the code so that it behaves identically but is easier for a human to understand. Each optimization type is...
ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc). See my article “Using VBA Emulation to...
Malware Analysis / Reverse Engineering
by do son · Published June 10, 2019 · Last modified October 10, 2021
Sojobo – A binary analysis framework Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don’t need to...
stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps team the ability to quickly transition from different...
What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and...
Malware Analysis / Smartphone PenTest
by do son · Published June 1, 2019 · Last modified July 30, 2023
APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android. For more information on what this tool can be used for, check...
Androwarn Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviors developed by an Android application. The detection is performed with the static analysis of the...
ThreatIngestor An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. ThreatIngestor can be configured to watch Twitter, RSS feeds,...
python-oletools oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format, or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for...
ExtAnalysis Browser Extension Analysis Framework With ExtAnalysis you can : Download & Analyze Extensions From: Chrome Web Store Firefox Addons Analyze Installed Extensions of: Google Chrome Mozilla Firefox Opera Browser (Coming Soon) Upload and...
ripVT Maltego Canari transforms for Virus Total private API. Provided AS-IS, no warranties, no guarantees. Installation Requires Canari, specifically this branch/version Install Malformity git clone https://github.com/matonis/ripVT.git sudo python setup.py install canari create-profile ripVT Import generated ripVT.mtz...
Flerken – Open-Source Obfuscated Command Detection Tool Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are “living off the land”. To bypass signature-based detection,...
Tyton Kernel-Mode Rootkit Hunter Detected Attacks Hidden Modules Syscall Table Hooking Network Protocol Hooking Netfilter Hooking Zeroed Process Inodes Process Fops Hooking Interrupt Descriptor Table Hooking Additional Features Notifications: Users (including myself) do not...
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe)...
Machine Learning / Malware Analysis
by do son · Published May 1, 2019 · Last modified October 10, 2021
VT Hunting Virus Total Hunting is a tiny tool based on the VT api version 3 to run daily, weekly or monthly report about malware hunting. The report can be sent via email, Slack...
Secure Your Connection
