Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek...
subparse Subparse is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in...
hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). It is an application based on PE-sieve (a library version), so there is a big overlap...
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps a variety of implants within the...
Malwoverview Malwoverview.py is a first response tool to perform an initial and quick triage in a directory containing malware samples, specific malware samples, suspect URL, and domains. Additionally, it allows us to download and...
iMonitor iMonitor (Endpoint Behavior Analysis System – Then Open Source Procmon) is an endpoint behavior monitoring and analysis software based on iMonitorSDK. Provides monitoring of system behaviors such as processes, files, registry, and networks. Support...
Mitaka Mitaka is an OSINT friendly IOC (Indicator of Compromise) search tool. It works as a Chrome extension and it makes it possible to search/scan IOC via the context menu. Features Supported IOC types...
Verdict-as-a-Service Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning...
HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can...
OfficePurge VBA purge your Office documents with OfficePurge. VBA purging removes P-code from module streams within Office documents. Documents that only contain source code and no compiled code are more likely to evade AV...
