Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs.
https://github.com/yampelo/beagle
capa detects capabilities in executable files. You run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a backdoor, is capable of installing services, or relies on HTTP to communicate.
https://github.com/fireeye/capa
Forwarded from Ghidra (SRE)
noscript annotates and bookmarks the code with tags produced by the Tiny Tracer tool.
https://github.com/Dump-GUY/ghidra_noscripts
Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures.
https://www.vergiliusproject.com/
PE Tree
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.
https://github.com/blackberry/pe_tree
Latest malware news and threat information exchange forum. Malware analysis, indicators, reports and educational resources.
https://malware.news/
Threat Research
Reversing Malware Command and Control: From Sockets to COM
https://www.fireeye.com/blog/threat-research/2010/08/reversing-malware-command-control-sockets.html
New Ursnif Variant Spreading by Word Document
https://www.fortinet.com/blog/threat-research/ursnif-variant-spreading-word-document
FortiGuard Labs recently captured a number of Word documents that were spreading a new variant of the Ursnif trojan. Learn more about how it operates and the techniques it uses. …
MalConfScan
A Volatility plugin that extracts configuration data of known malware. Volatility is an open-source memory forensics framework for incident response and malware analysis. This tool searches for malware in memory images and dumps its configuration data. In addition, it can list the strings that the malicious code references.
https://github.com/JPCERTCC/MalConfScan
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
https://github.com/malrev/ABD
Digging Up the Past: Windows Registry Forensics Revisited
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html