memscrimper: Malware Sandbox Memory Dumps
MemScrimper is a novel methodology to compress memory dumps of malware sandboxes. MemScrimper is built on the observation that sandboxes always start at the same system state (i.e., a...
HyperPlatform HyperPlatform is an Intel VT-x based hypervisor (a.k.a. virtual machine monitor) aiming to provide a thin platform for research on Windows. HyperPlatform is capable of monitoring a wide range...
MalwLess Simulation Tool (MST) MalwLess is an open source tool that allows you to simulate system compromise or attack behaviors without running processes or PoCs. The tool is designed to test...
Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced “rastreador”, “hunter” in Spanish) is a multi-platform open source tool that allows...
Manalyze: A static analyzer for PE files. Manalyze was written in C++ for Windows and Linux and is released under the terms of the GPLv3 license. It is a robust parser...
CHIRON is a home network analytics platform based on the ELK stack, combined with the machine learning threat detection framework AKTAION. CHIRON parses and displays data from p0f, Nmap, and Bro IDS. CHIRON is...
malwaregan: Emulating malware authors for proactive protection using GANs over a distributed image visualization of dynamic file behavior. References to the code: the WGAN-GP model trained is based on the...
by do son · Published July 29, 2018 · Last modified May 1, 2024
EKTotal: EKTotal is an integrated analysis tool that can automatically analyze the traffic of drive-by download attacks. The proposed software package can identify four types of exploit kits such as...
ypsilon: Automated Use Case Testing. Ypsilon is an automated security use case testing environment using real malware to test SIEM use cases in a closed environment. Different tools such as Ansible, Cuckoo, VirtualBox, Splunk,...
DDEtect: Written by Amit Serper, @0xAmit. DDEtector is a simple DDE object detector written in Python. It currently supports only Word DOCX and legacy DOC files, and prints the contents of the DDE payloads...
Malcom – Malware Communication Analyzer: Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This...
IRMA: Incident Response & Malware Analysis. IRMA is an asynchronous and customizable analysis system for suspicious files. This repository is a subproject of IRMA and contains the source code for...
CSCGuard: Protects against and logs suspicious and malicious usage of .NET CSC.exe and runtime C# compilation. Features: able to detect and prevent runtime C# compilation used by malware even when “GenerateInMemory”...
Uitkyk is a framework that allows you to identify Android malware according to the instantiated objects on the heap for a specific Android process. Uitkyk scans the heap of a...
MalScan: MalScan is a simple PE file heuristics scanner written in Python that you can use to quickly analyze a PE file and find out whether anything suspicious exists. It...