MALHEUR – Automatic Analysis of Malware Behavior Introduction Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to...
Machine Learning / Malware Analysis
by do son · Published March 1, 2018 · Last modified October 10, 2021
MADLIRA Malware detection using learning and information retrieval for Android Overview MADLIRA is a tool for Android malware detection. It consists of two components: TFIDF component and SVM learning component. In general, it takes...
PE Tool to analyze PE files in python 3. Current features : Show information about the file (import, exports, resources) Search for interesting information in the file (abnormal resources, peid…) Dump sections or resources...
box.js A utility to analyze malicious JavaScript. Changelog v1.19.25 * Track execution of JS served out by a C2 as an IOC. * Track ActiveX object creations as IOCs. * Added a –fake-download command...
Rootkit Hunter (commonly abbreviated as RKH) is a security monitoring and analyzing tool for POSIX compliant systems, to help you detect known rootkits, malware, and signal general bad security practices. Rootkits have a certain structure...
tcpTrigger tcpTrigger is a Windows service intended to notify you of incoming network connections. You specify a TCP port to monitor and an action to take. Actions taken include: sending a notification email and/or...
by do son · Published February 4, 2018 · Last modified December 13, 2021
Fenrir Simple Bash IOC Scanner Fenrir is a simple IOC scanner bash script. It allows scanning Linux/Unix/OSX systems for the following Indicators of Compromise (IOCs): HashesMD5, SHA1, and SHA256 (using md5sum, sha1sum, sha -a...
Malware Analysis / Reverse Engineering
by do son · Published January 30, 2018 · Last modified February 4, 2021
Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you...
binsnitch can be used to detect silent unwanted changes to files on your system. It will scan a given directory recursively for files and keep track of any changes it detects, based on the...
Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on them everyday work. For those situations on where the...
Defense / Forensics / Machine Learning / Malware Analysis / Networking
by do son · Published December 27, 2017 · Last modified June 18, 2018
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine with capabilities of learning without any human intervention, DNS domain classification, Spam detection, network collector, network forensics and many others. AIEngine...
PEframe is an open source tool to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti-debug, anti-virtual machine, suspicious sections and...
Process Refund An attempt to implement Process Doppelgänging Getting Started Just clone the repo git clone https://github.com/Spajed/processrefund.git and open the .sln with Visual Studio 2015. Prerequisites Currently, this works only in x64. To use you...
PowerShellArsenal is a PowerShell module used to aid a reverse engineer. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyze/scrape memory, parse file formats and memory structures,...
FindYara Use this IDA python plugin to scan your binary with Yara rules. All the Yara rule matches will be listed with their offset so you can quickly hop to them! Using FindYara The...
Secure Your Connection
