DynamoRIO
DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc.
https://github.com/DynamoRIO/dynamorio
sysmon-modular
a sysmon configuration repository for everybody to customise
https://github.com/olafhartong/sysmon-modular
sysmon-config
a sysmon configuration file for everybody to fork
https://github.com/SwiftOnSecurity/sysmon-config
Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
https://github.com/yampelo/beagle
capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
https://github.com/fireeye/capa
Forwarded from Ghidra (SRE)
This noscript annotates and bookmarks the code with tags produced by the Tiny Tracer tool.
https://github.com/Dump-GUY/ghidra_noscripts
Vergilius Project
Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures.
https://www.vergiliusproject.com/
PE Tree
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.
https://github.com/blackberry/pe_tree
Latest malware news and threat information exchange forum. Malware analysis, indicators, reports and educational resources.
https://malware.news/
Threat Research
Reversing Malware Command and Control: From Sockets to COM
https://www.fireeye.com/blog/threat-research/2010/08/reversing-malware-command-control-sockets.html
New Ursnif Variant Spreading by Word Document
https://www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document
FortiGuard Labs recently captured a number of Word documents that were spreading a new variant of the Ursnif trojan. Learn more about how it operates and the techniques it uses.