Category: Malware Analysis
Imaginary C2 Imaginary C2 is a Python tool which aims to help in the behavioural (network) analysis of malware. Imaginary C2 hosts an HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally,...
malice Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company. Changelog v0.3.27 892d011 add docs on...
malscan ClamAV-based malware scanner for Linux web servers. malscan is a scanning platform for Linux servers that simplifies keeping your web servers secure and malware-free. It is built upon the ClamAV platform, providing all...
Fnord Fnord is a pattern extractor for obfuscated code. Fnord has two main functions: extract byte sequences and create some statistics; use these statistics, combined length, number of occurrences, similarity and keywords to create...
NEMEA System NEMEA (Network Measurements Analysis) system is a stream-wise, flow-based and modular detection system for network traffic analysis. It consists of many independent modules which are interconnected via communication interfaces and each of the modules has its own...
pestudio is used by many Computer Emergency Response Teams (CERT) worldwide in order to perform Malware Initial Assessment. Malicious software often attempts to hide its intents in order to evade early detection and static analysis....
rosenbridge project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel)...
BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found,...
exotron Sandbox Feature Upgrader. What it does: It’s so sad that big sandbox vendors do not provide the information that a blue teamer would like to see in the reports. For me, it was...
What is MalZoo? MalZoo is a mass static malware analysis tool that collects the information in a Mongo database and moves the malware samples to a repository directory based on the first 4 chars...
Yabin creates Yara signatures from executable code within malware. Given one sample of malware, you can then find other samples that share code. It does this by looking for rare functions in a given...
Fridump Fridump (v0.1) is an open source memory dumping tool, primarily aimed at penetration testers and developers. Fridump uses the Frida framework to dump accessible memory addresses from any platform supported. It can...
MemScrimper is a novel methodology to compress memory dumps of malware sandboxes. MemScrimper is built on the observation that sandboxes always start at the same system state (i.e., a sandbox snapshot) to analyze...
HyperPlatform HyperPlatform is an Intel VT-x based hypervisor (a.k.a. virtual machine monitor) aiming to provide a thin platform for research on Windows. HyperPlatform is capable of monitoring a wide range of events, including but...
MalwLess Simulation Tool (MST) MalwLess is an open source tool that allows you to simulate system compromise or attack behaviors without running processes or PoCs. The tool is designed to test Blue Team detections and...