moneta: live usermode memory analysis tool
Moneta Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs. With fileless malware becoming ubiquitous in the Red Teaming world, dynamic code...
kraken Kraken is a simple cross-platform Yara scanner that can be built for Windows, Mac, FreeBSD, and Linux. It is primarily intended for incident response, research, and ad-hoc detections (not for...
VT Code Similarity Yara Generator Yara rule generator using VirusTotal code similarity feature code-similar-to: This Yara generator is using VirusTotal ‘code-similar-to:’ beta search modifier to gather code blocks from PE files...
Vol3xp, Volatility 3 Explorer Plugins RAMMap -> Physical Address Mapping (pfn.py): works much like Sysinternals RAMMap, but additionally marks any suspicious pages (for more information read the PDF)....
Hfinger – fingerprinting HTTP requests Tool for fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage 🙂 Its main objective is to provide a...
replica Ghidra Analysis Enhancer Features: disassemble missed instructions (define code that Ghidra's auto analysis missed); detect and fix missed functions (define functions that Ghidra's auto analysis missed); fix...
XLM Macro Deobfuscator XLM Macro Deobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros,...
Speakeasy Speakeasy is a portable, modular, binary emulator designed to emulate Windows kernel and user mode malware. Instead of attempting to perform dynamic analysis using an entire virtualized operating system,...
xioc Extract indicators of compromise from the text, including “escaped” ones like hxxp://banana.com, 1.1.1[.]1, and phish at malicious dot com. Features Extract IOCs (indicators of compromise) from an input text:...
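The kind of extraction xioc describes, as an added example in Python (this is not xioc's own code): a refang pass first undoes the common defanging conventions (hxxp://, [.], (.), [dot], " dot ", [@], " at "), then ordinary URL, IPv4, e-mail and domain patterns run over the cleaned text. Each indicator is also flagged as having been defanged in the source when it does not appear verbatim there. The sample text and all names here are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample text for this example (not taken from the page).
SAMPLE_TEXT = """
Stage two was fetched from hxxp://banana.com/update.bin and hxxps://cdn[.]evil-site[.]net/x.php
Beacons go to 1.1.1[.]1 and 10(.)20(.)30(.)40 on port 443.
The lure came from phish at malicious dot com; replies go to ops[@]bad[.]org.
Unrelated: see https://example.org for details. Version 1.2.3 is not an IP address.
"""

# Defanging conventions to undo. The bare " dot " / " at " forms are the
# riskiest (they also occur in plain English), so they are only accepted
# between word characters; the later indicator patterns filter the rest.
_HXXP_RE = re.compile(r'\bhxxp(s?)://', re.IGNORECASE)
_DOT_RE = re.compile(r'\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)|(?<=\w) dot (?=\w)', re.IGNORECASE)
_AT_RE = re.compile(r'\[@\]|\(@\)|\[at\]|\(at\)|(?<=\w) at (?=\w)', re.IGNORECASE)

URL_RE = re.compile(r'https?://[^\s"\'<>()\[\]]+', re.IGNORECASE)
IPV4_RE = re.compile(r'\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b')
EMAIL_RE = re.compile(r'\b[\w.+-]+@(?:[\w-]+\.)+[a-z]{2,}\b', re.IGNORECASE)
DOMAIN_RE = re.compile(r'\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b', re.IGNORECASE)


def refang(text: str) -> str:
    """Turn defanged indicators back into their live form so normal patterns match."""
    text = _HXXP_RE.sub(r'http\1://', text)
    text = _DOT_RE.sub('.', text)
    text = _AT_RE.sub('@', text)
    return text


def _uniq_sorted(values):
    return sorted(set(v for v in values if v))


def extract_iocs(text: str) -> dict:
    """Return {type: [(indicator, was_defanged), ...]} for URLs, IPv4s, e-mails, domains.

    was_defanged is True when the live indicator does not occur verbatim in the
    original text, i.e. it was only reachable through the refang pass.
    """
    clean = refang(text)
    urls = [u.rstrip('.,;:!?') for u in URL_RE.findall(clean)]

    # Strip URLs before the bare-domain and e-mail passes so path components
    # such as "update.bin" or "x.php" are not mistaken for hostnames.
    without_urls = URL_RE.sub(' ', clean)
    emails = EMAIL_RE.findall(without_urls)
    ipv4 = IPV4_RE.findall(clean)

    domains = [urlsplit(u).hostname for u in urls]
    domains += DOMAIN_RE.findall(without_urls)
    domains += [e.split('@', 1)[1] for e in emails]

    def tag(values):
        return [(v, v not in text) for v in _uniq_sorted(values)]

    return {
        "urls": tag(urls),
        "ipv4": tag(ipv4),
        "emails": tag(emails),
        "domains": tag(domains),
    }


if __name__ == "__main__":
    for kind, items in extract_iocs(SAMPLE_TEXT).items():
        for value, defanged in items:
            print(f"{kind:8} {value:36} defanged={defanged}")
```

Two caveats a practitioner would add before using this on real reports: the four-octet IPv4 pattern will still pick up four-part version strings, and the " at " refang can glue ordinary prose together, so anything the patterns accept should be checked against an allowlist of known-good domains before it is fed to a blocklist.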
Spyre Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is the easy operationalization of YARA rules...
saferwall – Collaborative and Streamlined Threat Analysis at Scale Saferwall allows you to analyze, triage, and classify threats in just minutes. ⭐ Collaborative – Built for security teams and researchers to streamline analysis, identification, and...
PeaceMaker Threat Detection PeaceMaker Threat Detection is a kernel-mode utility designed to detect a variety of methods commonly used in advanced forms of malware. Compared to a stereotypical anti-virus that...
Zelos Zelos (Zeropoint Emulated Lightweight Operating System) is a python-based binary emulation platform. One use of Zelos is to quickly assess the dynamic behavior of binaries via command-line or python scripts. All syscalls are...
Linux Memory Grabber A script for dumping Linux memory and creating Volatility(TM) profiles. To analyze Linux memory, you first need to be able to capture Linux memory. AVML works great,...
CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of...