cmu-sei/pharos: Automated static analysis tools for binary programs
Automated static analysis tools for binary programs - cmu-sei/pharos
Malware Analysis
MalAPI.io
MalAPI.io maps Windows APIs to common techniques used by malware.
COM Objects Hijacking ~ VirusTotal Blog
The COM Hijacking technique is often utilized by threat actors and various malware families to achieve both persistence and privilege escal...
GitHub - binref/refinery: High Octane Triage Analysis
High Octane Triage Analysis. Contribute to binref/refinery development by creating an account on GitHub.
Know Your YARA Rules Series: #6 We Present GenRex - A Generator of Regular Expressions - Avast Engineering
Following our guide about regular expressions, we present a new unique tool that can help you with a creation of such expressions, mainly for those used in the YARA Cuckoo module. To fully understand the benefits of our new open-source project, we first expand our knowledge about regular expressions in the Cuckoo module, share resources […]
GitHub - enkomio/thematrix: a PE Loader and Windows API tracer. Useful in malware analysis.
a PE Loader and Windows API tracer. Useful in malware analysis. - GitHub - enkomio/thematrix: a PE Loader and Windows API tracer. Useful in malware analysis.
malsearchs/Static-Reverse-Engineering-SRE: SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool
SRE - Dissecting Malware for Static Analysis & the Complete Command-line Tool - GitHub - malsearchs/Static-Reverse-Engineering-SRE: SRE - Dissecting Malware for Static Analysis & th...
mrexodia/dumpulator: An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing). - GitHub - mrexodia/dumpulator: An easy-t...
CERT-Polska/mquery: YARA malware query accelerator (web frontend)
YARA malware query accelerator (web frontend). Contribute to CERT-Polska/mquery development by creating an account on GitHub.
CERT-Polska/ursadb
Trigram database written in C++, suited for malware indexing
Lumma Stealer malware now uses trigonometry to evade detection
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
GitHub - Bw3ll/sharem: SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative featur...
SigmaHQ/pySigma: Python library to parse and convert Sigma rules into queries (and whatever else you could imagine)
Python library to parse and convert Sigma rules into queries (and whatever else you could imagine) - GitHub - SigmaHQ/pySigma: Python library to parse and convert Sigma rules into queries (and what...
archercreat/titan: Titan is a VMProtect devirtualizer
Titan is a VMProtect devirtualizer. Contribute to archercreat/titan development by creating an account on GitHub.
eunomia-bpf/bpftime
Userspace eBPF runtime for fast Uprobe & Syscall hook
mentebinaria/retoolkit: Reverse Engineer's Toolkit
Reverse Engineer's Toolkit. Contribute to mentebinaria/retoolkit development by creating an account on GitHub.
Fadi002/de4py: toolkit for python reverse engineering
toolkit for python reverse engineering. Contribute to Fadi002/de4py development by creating an account on GitHub.
0x534a/dynmx: Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!
Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces! - GitHub - 0x534a/dynmx: Signature-based detection of malware featu...
can1357/NoVmp
A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
enkomio/Sojobo: A binary analysis framework
A binary analysis framework. Contribute to enkomio/Sojobo development by creating an account on GitHub.
Windows System Calls For Hunters
Introduction System calls are the ultimate high-level atomic actions that Malware writers might control. System calls sequences are the defacto ultimate way to divide behaviors between good and bad…
ImpELF: Unmasking Linux Malware with a Novel Imphash Approach for ELF Binaries
As someone that primarily does Linux security research, I was frustrated that there wasn't an equivalent of an imphash for Linux ELF binaries. So, I decided to make one myself.
GitHub - mandiant/GoReSym: Go symbol recovery tool
Go symbol recovery tool. Contribute to mandiant/GoReSym development by creating an account on GitHub.
ralphje/signify: Module to generate and verify PE signatures
Module to generate and verify PE signatures. Contribute to ralphje/signify development by creating an account on GitHub.
danieluhricek/LiSa: Sandbox for automated Linux malware analysis.
Sandbox for automated Linux malware analysis. Contribute to danieluhricek/LiSa development by creating an account on GitHub.
kargisimos/detenv
A small and portable Windows C library for sandbox detection
rabbitstack/fibratus: A modern tool for Windows kernel exploration and tracing with a focus on security
A modern tool for Windows kernel exploration and tracing with a focus on security
Two Tools for Malware Analysis and Reverse Engineering in Ghidra
This post presents two tools for malware analysis and reverse engineering in Ghidra, the National Security Agency’s software reverse engineering tool suite.