CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration...
What is sandfly-filescan? sandfly-filescan is a utility to quickly scan files and report on their entropy (a measure of randomness) and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed...
DRAKVUF Sandbox DRAKVUF Sandbox is an automated black-box malware analysis system with a DRAKVUF engine under the hood. This project provides you with a friendly web interface that allows you to upload suspicious files to...
Malware Analysis / Smartphone PenTest
by do son · Published May 2, 2020 · Last modified October 25, 2022
AndroPyTool This is a tool for extracting static and dynamic features from Android APKs. It combines different well-known Android apps analysis tools such as DroidBox, FlowDroid, Strace, AndroGuard or VirusTotal analysis. Provided a source...
RepoTele – Hunting Abused Telegram Accounts The following is a part of my talk called “Leveraging Yara Rules to Hunt for Abused Telegram Accounts”, that script is the second step in my research to...
x64dbg x64dbg is an open-source binary debugger for Windows, aimed at malware analysis and reverse engineering of executables you do not have the source code for. There are many features available and a comprehensive...
Analyzer Analyzer is an open-source threat intelligence framework that automates extracting artifacts and IOCs from file/dump into a readable format. The main tool called (QManager) that interacted with the rest of them through Pipes,...
Inhale – Malware Inhaler Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations. Inhale started as a series of small scripts that I used...
WhatsApp Media Decrypt A recent high-profile forensic investigation reported that “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file] to determine if it contained any...
Dr.Semu Malware Detection and Classification Tool Based on Dynamic Behavior Dr.Semu runs executables in an isolated environment monitors the behavior of a process and based on Dr.Semu rules created by you or the community detects...
Norimaci “Norimaci” is a simple and lightweight malware analysis sandbox for macOS. This tool was inspired by “Noriben“. Norimaci uses the features of OpenBSM or Monitor.app to monitor macOS system activity instead of Sysinternals...
EmoCheck Emotet detection tool for Windows OS. How EmoCheck detects Emotet (v0.0.1) Emotet generates their process name from a specific word dictionary and C drive serial number. EmoCheck scans the running process on the...
Malware Analysis / Reverse Engineering
by do son · Published January 28, 2020 · Last modified August 7, 2023
Qiling – Advanced Binary Emulation framework Qiling is an advanced binary emulation framework, with the following features: Cross-platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X86_64, Arm, Arm64, Mips Multiple file formats: PE, MachO,...
INetSim INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behavior of unknown malware samples. Features Implemented service modules Currently, modules for the simulation...
Memhunter Automated hunting of memory-resident malware at scale Overview Memhunter is an endpoint sensor tool that is specialized in detecting resident malware, improving the threat hunter analysis process and remediation times. The tool detects...
Secure Your Connection
