Information Security
Qiling – Advanced Binary Emulation framework Qiling is an advanced binary emulation framework, with the following features: Cross-platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X86_64, Arm, Arm64, Mips Multiple file formats: PE, MachO,...
Loki – Simple IOC Scanner Scanner for Simple Indicators of Compromise Detection is based on four detection methods: File Name IOC Regex match on full file path/name Yara Rule Check Yara signature match on...
EKFiddle v0.9.5 A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Changelog v0.9.5 – New contextual menus and items – Added urlscan.io as a lookup...
INetSim INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behavior of unknown malware samples. Features Implemented service modules Currently, modules for the simulation...
Network Flight Simulator flightsim is a lightweight utility used to generate malicious network traffic and help security teams to evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic,...
Memhunter Automated hunting of memory-resident malware at scale Overview Memhunter is an endpoint sensor tool that is specialized in detecting resident malware, improving the threat hunter analysis process and remediation times. The tool detects...
AMIRA: Automated Malware Incident Response & Analysis AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular, The One Filter to Rule...
APKiD gives you information about how an APK was made. It identifies many compilers, packers, obfuscators, and other weird stuff. It’s PEiD for Android. For more information on what this tool can be used for, check...
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek...
Quark Engine An Obfuscation-Neglect Android Malware Scoring System Android malware analysis engine is not a new story. Every antivirus company has its own secrets to build it. With curiosity, we develop a malware scoring...
Linux news