Security Training Share
PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps a variety of implants within the...
mpDNS aka multi-purpose DNS Server DNS Server with multiple useful features Should work on Python 2 and 3 names.db -> holds all custom records (see examples) Simple wildcards like *.example.com Catch unicode dns requests...
commando-vm CommandoVM – a fully customized, Windows-based security distribution for penetration testing and red teaming. Installed Tools Active Directory Tools Remote Server Administration Tools (RSAT) SQL Server Command Line Utilities Sysinternals Command & Control...
Cmulator – Scriptable x86 RE Sandbox Emulator Cmulator is ( x86 – x64 ) Scriptable Reverse Engineering Sandbox Emulator for shellcode and PE binaries Based on Unicorn & Capstone Engine & javascript. Supported Architectures:...
Sigma Generic Signature Format for SIEM Systems What is Sigma? Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is...
Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running Docker containers for detecting anomalous activities....
pcodedmp.py – A VBA p-code disassembler It is not widely known, but macros are written in VBA (Visual Basic for Applications; the macro programming language used in Microsoft Office) exist in three different executable...
DECAF DECAF(short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension...
MalConfScan is a Volatility plugin extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps configuration data. In...
tarnish tarnish is a static-analysis tool to aid researchers in security reviews of Chrome extensions. It automates much of the regular grunt work and helps you quickly identify potential security vulnerabilities. This tool accompanies the...
PHP malware scanner Traversing directories for files with php extensions and testing files against text or regexp rules, the rules-based on self-gathered samples and publicly available malwares/webshells. The goal is to find infected files...
What is Munin? Munin is an online hash checker utility that retrieves valuable information from various online sources The current version of Munin queries the following services: Virustotal Malshare HybridAnalysis Note: Munin is based...
pyattck A Python module to interact with the Mitre ATT&CK Framework pyattck has the following notable features in its current release: Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations All techniques have suggested...
PEpper An open source tool to perform malware static analysis on Portable Executable. Feature extracted Suspicious entropy ratio Suspicious name ratio Suspicious code size Suspicious debugging time-stamp Number of export Number of anti-debugging calls Number of virtual-machine detection calls Number of suspicious API calls Number...
