capa: identify capabilities in executable files
capa capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the...
Category: Malware Analysis
DRAKVUF Sandbox v0.7 releases: automated hypervisor-level malware analysis system
DRAKVUF Sandbox DRAKVUF Sandbox is an automated black-box malware analysis system with a DRAKVUF engine under the hood. This project provides you with a friendly web interface that allows you to upload suspicious files to...
saferwall: an open source malware analysis platform
saferwall Saferwall is an open-source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generate an...
EKFiddle v1.0.2 released: A framework to study Exploit Kits
EKFiddle v1.0.2 A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Changelog # Version 1.0.2 [2020-07-10] – Improved tagging abilities – Bug fixes Features Toolbar...
Malcolm v2.1.1 releases: powerful, easily deployable network traffic analysis tool
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek...
PeaceMaker Threat Detection: detects advanced techniques used by malware
PeaceMaker Threat Detection PeaceMaker Threat Detection is a kernel-mode utility designed to detect a variety of methods commonly used in advanced forms of malware. Compared to a stereotypical anti-virus that may detect via hashes...
Loki v0.31.1 released – Simple IOC and Incident Response Scanner
Loki – Simple IOC Scanner Scanner for Simple Indicators of Compromise Detection is based on four detection methods: File Name IOC Regex match on full file path/name Yara Rule Check Yara signature match on...
MalConfScan v1.0.4 releases: Volatility plugin for extracts configuration data of known malware
MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In...
viper v2.0 RC10 releases: Binary analysis and management framework
Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you...
pftriage v1.0.4 releases: Python tool and library to help analyze files during malware triage and analysis
pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract the properties of a file to help during the triage process. The tool also...
