Security Training Share
EKFiddle v.0.8.3.3 A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Changelog Version 0.8.3.3 [2018-11-22] – Added Alexa Rank check (select Session(s), right click ->...
Fnord Fnord is a pattern extractor for obfuscated code Fnord has two main functions: Extract byte sequences and create some statistics Use these statistics, combined length, number of occurrences, similarity and keywords to create...
Network Flight Simulator flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunnelling, DGA traffic,...
Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client...
DECAF DECAF(short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension...
PE-sieve scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE. When found, it dumps the modified PE. Currently, it detects inline hooks, hollowed processes, Process Doppelgänging etc....
What is Munin? Munin is an online hash checker utility that retrieves valuable information from various online sources The current version of Munin queries the following services: Virustotal Malshare HybridAnalysis Note: Munin is based...
NEMEA System NEMEA (Network Measurements Analysis) system is a stream-wise, flow-based and modular detection system for network traffic analysis. It consists of many independent modules which are interconnected via communication interfaces and each of the modules has its own...
pestudio is used by many Computer Emergency Response Teams (CERT) worldwide in order to perform Malware Initial Assessment. Malicious software often attempts to hide its intents in order to evade early detection and static analysis....
What is phpMussel? An ideal solution for shared hosting environments, where it’s often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses, malware and...
rosenbridge Overview project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel)...
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom...
Altprobe Altprobe is a component of the Alertflex project, it has functional of a collector according to SIEM/Log Management terminologies. In tandem with Alertflex controller (see AlertflexCtrl repository on this GitHub profile), Altprobe can...
Cmulator – Scriptable x86 RE Sandbox Emulator Cmulator is ( x86 – x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries Based on Unicorn & Capstone Engine & javascript. Supported Architectures:...
