Patching – Interactive Binary Patching for IDA Pro Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research....
Android Disassembler Analyze malicious app on your phone Android Disassembler is an application that is able to analyze several types of files such as APK files, dex files, shared libraries (aka .so files) (NDK,...
Mobile Malware Mimicking Framework The Mobile Malware Mimicking framework, or m3 in short, is built to easily and scalable emulate Android malware whilst using very few resources. One can create fake bots via the command-line interface....
statiStrings statiStrings is a strings statistics calculator for YARA rules. The goal is to aid malware research by: Finding common and unique strings within malware samples Finding common strings within clean files Saving time...
Defense / Malware Analysis / Reverse Engineering
by do son · Published January 3, 2022 · Last modified April 2, 2023
iMonitor iMonitor (Endpoint Behavior Analysis System – Then Open Source Procmon) is an endpoint behavior monitoring and analysis software based on iMonitorSDK. Provides monitoring of system behaviors such as processes, files, registry, and networks. Support...
AlphaGolang AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the...
PMAT-labs – The labs for Practical Malware Analysis & Triage This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate...
HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can...
Qu1cksc0pe This tool allows statically analysis Windows, Linux, osx, executables, and also APK files. You can get: What DLL files are used. Functions and API. Sections and segments. URLs, IP addresses, and emails. Android...
Mobile Audit MobileAudit – SAST and Malware Analysis for Android Mobile APKs Django Web application for performing Static Analysis and detecting malware in Android APKs. In each of the scans, it would have the following...
AuraBorealis: Do You Know What’s In Your Python Packages? AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit data produced by scanning the...
Malware Analysis / Reverse Engineering
by do son · Published August 7, 2021 · Last modified February 11, 2022
Process Dump Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to...
TwiTi TwiTi, a tool for extracting IOCs from tweets, can collect a large number of fresh, accurate IOCs. TwiTi does classifying whether a tweet contains IOCs or not. extracting IOCs from a tweet and...
Karton Distributed malware processing framework based on Python, Redis, and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware* analysis systems into a robust...
Passive Security Tools Fingerprinting Framework Have you ever wanted a simple, easy, and stealth bypass for multiple classes of security products? pstf^2 (pronounced pstf-square) is an implementation of an HTTP server capable of passive...
Secure Your Connection
