Category: Malware Defense
Indetectables Toolkit This tool compilation is carefully crafted to be useful both for beginners and veterans of the malware analysis world. It has also proven useful for people trying their luck at the cracking...
DotDumper An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is...
Perform malware scan analysis of on-prem servers using AWS services Challenges with on-premises malware detection It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints....
Patching – Interactive Binary Patching for IDA Pro Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research....
MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale...
OpenArk OpenArk is an open-source anti-rootkit (ARK) tool for Windows. Ark is short for Anti-Rootkit; it serves as a reversing/programming helper and also lets users find hidden malware in the OS. More and more powerful...
iMonitor iMonitor (Endpoint Behavior Analysis System – The Open Source Procmon) is an endpoint behavior monitoring and analysis software based on iMonitorSDK. Provides monitoring of system behaviors such as processes, files, registry, and networks. Support...
ShellSweep “ShellSweep” is a PowerShell/Python/Lua tool designed to detect potential webshell files in a specified directory. ShellSweep and its suite of tools calculate the entropy of file contents to estimate the likelihood of a...
MemProcFS Analyzer MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to assist with the analysis workflow. Features: Auto-Install of MemProcFS, EvtxECmd, Elasticsearch, Kibana Auto-Update of MemProcFS, EvtxECmd (incl. Maps),...
WhacAMole WhacAMole is a program that analyzes processes in memory in an integral way, detecting and alerting on anomalies related to malware, and presenting and saving to files all the relevant information for...
Karton Distributed malware processing framework based on Python, Redis, and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a...
subparse Subparse is a modular framework developed by Josh Stroschein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in...
Spyre Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is the easy operationalization of YARA rules and other indicators of...
THE YARALYZER Visually inspect all of the regex matches (and their sexier, more cloak-and-dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those...
FAVICORN All-sources tool to search websites by favicons. Favicorn takes a favicon and provides search result links across 10 platforms, and more. Supported platforms: Name / Login required: ZoomEye yes; Shodan yes; Fofa no...
Stratosphere Linux IPS This is the Linux version of the Stratosphere IPS, a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. It is part of a larger...