-
Posts
49 -
Joined
-
Last visited
-
Days Won
4
Everything posted by ImiDucCuMandrieSteagul
-
hacked by louis
-
de ce nu vine razboiul ala odata sa scapam de astia ca tine?
-
Deci a venit ala cu cyborgi Ai venit tu cu skiddie Ce urmeaza?
-
-
eu sunt hecar bombardier manelist.
-
Ofer 2 HOF-uri in Microsoft.
ImiDucCuMandrieSteagul replied to ImiDucCuMandrieSteagul's topic in Off-topic
Inca unu pentru aici: https://bughunter.withgoogle.com/characterlist -
Schimb 45 euro PayPal in Bitcoin. jabber: kronzy1337@jabber.ru sau pm aici. trimit prin friends & family.
-
ce'ai ma, cu 20 euro traiesc o luna, esti nebun
-
Ofer 2 HOF-uri in Microsoft.
ImiDucCuMandrieSteagul replied to ImiDucCuMandrieSteagul's topic in Off-topic
Am mai facut rost de unu, daca vrea cineva PM. -
Google Capture the Flag 2018 The qualification round will begin June 23 and finish June 24. 1. The first place will win $13,337 USD 2. The second place $7,331 USD 3. The third place $3,133.7 USD We will pay for the best 32 writeups 100 to 500 USD. https://ctftime.org/event/623 https://capturetheflag.withgoogle.com/
-
- 2
-
Am facut si un update la sait : https://carder.life/
-
Pai cumpăra la om, ce mai stai?
-
Fac mail-uri : @carder.life Doar hecari adevărați, benificiază de acest serviciu. PM cu mail și pass
-
Urat rău CTF-ul. Unde au fost cazate echipele nu puteai sa stai de miros(cred că aveau și șobolani). Mi-a ieșit un chall de la Forenics din bulaneala, ne-au luat punctele că n-am dat explicații "full", de pe locul 3, pe 4.
-
UPPP 100$ pentru Crypto/Web/Reverse.
-
Am nevoie de un 1-2 persoane pentru CTF, incepe sambata la 12:00. Daca castigam 150$/persoana. Daca nu, dau eu 50$/persoana.
-
Am vorbit cu @Andrei și acceptă și crypto pentru cei ce "țin" bani in crypto. Da-ti email la contact@defcamp.ro cine vrea sa vina (nume, prenume, email, job title, company) Și va da el adresa.
-
Cum pot afla unde se afla exact un pc daca ii stiu ip-ul?
ImiDucCuMandrieSteagul replied to ceornea's topic in Off-topic
https://www.gloryholefoundation.com/ -
Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system, invented in 2005 by Linux founder Linus Torvalds. GitHub is used by many developers and big tech companies including Apple, Amazon, Google, Facebook, and IBM to store their corporate code and privately collaborate on software, but Microsoft is one of the top contributors to the web-hosting service. Microsoft has uploaded several of its most important projects, including PowerShell, the .NET framework, and the Microsoft Edge JavaScript engine, to the website under open source licenses. Microsoft also partnered with Canonical to bring Ubuntu to Windows 10. Citing sources familiar with the matter, Bloomberg reports that GitHub opted to sell to Microsoft in part because it was impressed with the performance and leadership of Microsoft's CEO Satya Nadella, who has pushed the company to embrace open source technology. In a blog post published today, Microsoft has confirmed that will acquire GitHub for $7.5 billion in Microsoft stock, and the deal is expected to close by the end of 2018. "GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects — and will still be able to deploy their code to any operating system, any cloud and any device." "Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub's current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives." GitHub was last valued at $2 billion in 2015. However, the decision has brought fear among some developers at open source community, with some Twitter users proclaiming the death of GitHub and open source software, and many considering to switch to rival services such as BitBucket or GitLab. The concern is completely rational and understandable. Despite the company's lack of a CEO and money woes, Github holds a privileged position in the software development ecosystem and plays a critical role. GitHub is, no doubt, a hub of the open source world, with 80 million code repositories hosted on the site as of March 2018. Microsoft, on the other hand, has once opposed to such open-source software development, with its ex-CEO Steve Ballmer describing Linux as "cancer." However, Nadella moved the company away from complete dependence on its Windows OS to more in-house development on Linux. Microsoft even brought Linux to Windows, via the Windows Subsystem for Linux. Microsoft's largest acquisition to date was LinkedIn, the job-oriented professional social network it acquired in 2015 for $26 billion, and many people are now concerned that the massive investment in LinkedIn will start to pay off for Microsoft. With both LinkedIn and GitHub, Microsoft is in a position to expand and strengthen LinkedIn. Also, the acquisition will give Microsoft access to a wealth of data and millions of software developers. https://thehackernews.com/2018/06/microsoft-acquires-github.html
-
Toți și au luat pula-n gura de la cei mai mari întotdeauna, asta e tradiția. Impacati-va cu ideea.
-
Poate e geniu omu... Nu v-ati gandit la asta? :)) Unde ai fost Einstein in tot timpul asta?
-
Ofer 2 HOF-uri in Microsoft. PM pentru detalii.
-
A Penetration Testing Framework , The Hacker’s Repo our hope is in the last version we will have evry script that a hacker needs #Information Gathering : nmap Setoolkit Port Scanning Host To IP wordpress user enumeration CMS scanner XSStracer - checks remote web servers for Clickjacking, Cross-Frame Scripting, Cross-Site Tracing and Host Header Injection Doork - Google Dorks Passive Vulnerability Auditor Scan A server's Users Password Attacks : Cupp Ncrack AutoBrowser Screenshot Wireless Testing : reaver pixiewps Bluetooth Honeypot GUI Framework Exploitation Tools : Venom sqlmap Shellnoob commix FTP Auto Bypass jboss-autopwn Blind SQL Automatic Injection And Exploit Bruteforce the Android Passcode given the hash and salt Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection Scanner cms Few BLACKBOx Liffy Sniffing & Spoofing : Setoolkit SSLtrip pyPISHER SMTP Mailer Web Hacking : Drupal Hacking Inurlbr Wordpress & Joomla Scanner Gravity Form Scanner File Upload Checker Wordpress Exploit Scanner Wordpress Plugins Scanner Shell and Directory Finder Joomla! 1.5 - 3.4.5 remote code execution Vbulletin 5.X remote code execution BruteX - Automatically brute force all services running on a target Arachni - Web Application Security Scanner Framework Sub-domain Scanning Wordpress Scanning Wordpress Username Enumeration Wordpress Backup Grabbing Sensitive File Detection Same-Site Scripting Scanning Click Jacking Detection Powerful XSS vulnerability scanning SQL Injection vulnerability scanning #Private Tools Get all websites Get joomla websites Get wordpress websites Find control panel Find zip files Find upload files Get server users Scan from SQL injection Scan ports (range of ports) Scan ports (common ports) Get server banner Bypass Cloudflare #Post Exploitation Shell Checker POET Weeman - Phishing Framework Insecure Web Interface Insufficient Authentication/Authorization Insecure Network Services Lack of Transport Encryption Privacy Concerns Insecure Cloud Interface Insecure Mobile Interface Insufficient Security Configurability Insecure Software/Firmware Poor Physical Security Radium-Keylogger - Python keylogger with multiple features #Recon Sniper #Smartphones Penetration Attach Framework to a Deployed Agent/Create Agent Send Commands to an Agent View Information Gathered Attach Framework to a Mobile Modem Run a remote attack Run a social engineering or client side attack Compile code to run on mobile devices Install Stuff Use Drozer Setup API Bruteforce the Android Passcode given the hash and salt Download: git clone https://github.com/x3omdax/PenBox.git
-
Anonymizers Web traffic anonymizers for analysts. Anonymouse.org - A free, web based anonymizer. OpenVPN - VPN software and hosting solutions. Privoxy - An open source proxy server with some privacy features. Tor - The Onion Router, for browsing the web without leaving traces of the client IP. Honeypots Trap and collect your own samples. Conpot - ICS/SCADA honeypot. Cowrie - SSH honeypot, based on Kippo. Dionaea - Honeypot designed to trap malware. Glastopf - Web application honeypot. Honeyd - Create a virtual honeynet. HoneyDrive - Honeypot bundle Linux distro. Mnemosyne - A normalizer for honeypot data; supports Dionaea. Thug - Low interaction honeyclient, for investigating malicious websites. Malware Corpora Malware samples collected for analysis. Clean MX - Realtime database of malware and malicious domains. Contagio - A collection of recent malware samples and analyses. Exploit Database - Exploit and shellcode samples. Malshare - Large repository of malware actively scrapped from malicious sites. samples directly from a number of online sources. MalwareDB - Malware samples repository. Open Malware Project - Sample information and downloads. Formerly Offensive Computing. Ragpicker - Plugin based malware crawler with pre-analysis and reporting functionalities theZoo - Live malware samples for analysts. Tracker h3x - Agregator for malware corpus tracker and malicious download sites. ViruSign - Malware database that detected by many anti malware programs except ClamAV. VirusShare - Malware repository, registration required. VX Vault - Active collection of malware samples. Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser. Zeus Source Code - Source for the Zeus trojan leaked in 2011. Open Source Threat Intelligence Tools Harvest and analyze IOCs. AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel. AlienVault Open Threat Exchange - Share and collaborate in developing Threat Intelligence. Combine - Tool to gather Threat Intelligence indicators from publicly available sources. Fileintel - Pull intelligence per file hash. Hostintel - Pull intelligence per host. IntelMQ - A tool for CERTs for processing incident data using a message queue. IOC Editor - A free editor for XML IOC files. ioc_writer - Python library for working with OpenIOC objects, from Mandiant. Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation. MISP - Malware Information Sharing Platform curated by The MISP Project. PassiveTotal - Research, connect, tag and share IPs and domains. PyIOCe - A Python OpenIOC editor. threataggregator - Aggregates security threats from a number of sources, including some of those listed below in other resources. ThreatCrowd - A search engine for threats, with graphical visualization. ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines. TIQ-test - Data visualization and statistical analysis of Threat Intelligence feeds. Other Resources Threat intelligence and IOC resources. Autoshun (list) - Snort plugin and blocklist. Bambenek Consulting Feeds - OSINT feeds based on malicious DGA algorithms. Fidelis Barncat - Extensive malware config database (must request access). CI Army (list) - Network security blocklists. Critical Stack- Free Intel Market - Free intel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators. CRDF ThreatCenter - List of new threats detected by CRDF anti-malware. Cybercrime tracker - Multiple botnet active tracker. FireEye IOCs - Indicators of Compromise shared publicly by FireEye. FireHOL IP Lists - Analytics for 350+ IP lists with a focus on attacks, malware and abuse. Evolution, Changes History, Country Maps, Age of IPs listed, Retention Policy, Overlaps. hpfeeds - Honeypot feed protocol. Internet Storm Center (DShield) - Diary and searchable incident database, with a web API (unofficial Python library). malc0de - Searchable incident database. Malware Domain List - Search and share malicious URLs. OpenIOC - Framework for sharing threat intelligence. Proofpoint Threat Intelligence - Rulesets and more. (Formerly Emerging Threats.) Ransomware overview - A list of ransomware overview with details, detection and prevention. STIX - Structured Threat Information eXpression - Standardized language to represent and share cyber threat information. Related efforts from MITRE: CAPEC - Common Attack Pattern Enumeration and Classification CybOX - Cyber Observables eXpression MAEC - Malware Attribute Enumeration and Characterization TAXII - Trusted Automated eXchange of Indicator Information threatRECON - Search for indicators, up to 1000 free per month. Yara rules - Yara rules repository. ZeuS Tracker - ZeuS blocklists. Detection and Classification Antivirus and other malware identification tools AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files. chkrootkit - Local Linux rootkit detection. ClamAV - Open source antivirus engine. Detect-It-Easy - A program for determining types of files. ExifTool - Read, write and edit file metadata. File Scanning Framework - Modular, recursive file scanning solution. hashdeep - Compute digest hashes with a variety of algorithms. Loki - Host based scanner for IOCs. Malfunction - Catalog and compare malware at a function level. MASTIFF - Static analysis framework. MultiScanner - Modular file scanning/analysis framework nsrllookup - A tool for looking up hashes in NIST's National Software Reference Library database. packerid - A cross-platform Python alternative to PEiD. PEV - A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries. Rootkit Hunter - Detect Linux rootkits. ssdeep - Compute fuzzy hashes. totalhash.py - Python script for easy searching of the TotalHash.cymru.com database. TrID - File identifier. YARA - Pattern matching tool for analysts. Yara rules generator - Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives. Online Scanners and Sandboxes Web-based multi-AV scanners, and malware sandboxes for automated analysis. APK Analyzer - Free dynamic analysis of APKs. AndroTotal - Free online analysis of APKs against multiple mobile antivirus apps. AVCaesar - Malware.lu online scanner and malware repository. Cryptam - Analyze suspicious office documents. Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system. cuckoo-modified - Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author. cuckoo-modified-api - A Python API used to control a cuckoo-modified sandbox. DeepViz - Multi-format file analyzer with machine-learning classification. detux - A sandbox developed to do traffic analysis of Linux malwares and capturing IOCs. Document Analyzer - Free dynamic analysis of DOC and PDF files. DRAKVUF - Dynamic malware analysis system. File Analyzer - Free dynamic analysis of PE files. firmware.re - Unpacks, scans and analyzes almost any firmware package. Hybrid Analysis - Online malware analysis tool, powered by VxSandbox. Intezer - Detect, analyze, and categorize malware by identifying code reuse and code similarities. IRMA - An asynchronous and customizable analysis platform for suspicious files. Joe Sandbox - Deep malware analysis with Joe Sandbox. Jotti - Free online multi-AV scanner. Limon - Sandbox for Analyzing Linux Malwares Malheur - Automatic sandboxed analysis of malware behavior. Malware config - Extract, decode and display online the configuration settings from common malwares. Malwr - Free analysis with an online Cuckoo Sandbox instance. MASTIFF Online - Online static analysis of malware. Metadefender.com - Scan a file, hash or IP address for malware (free) NetworkTotal - A service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware using Suricata configured with EmergingThreats Pro. Noriben - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment. PDF Examiner - Analyse suspicious PDF files. ProcDot - A graphical malware analysis tool kit. Recomposer - A helper script for safely uploading binaries to sandbox sites. Sand droid - Automatic and complete Android application analysis system. SEE - Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. URL Analyzer - Free dynamic analysis of URL files. VirusTotal - Free online analysis of malware samples and URLs Visualize_Logs - Open source visualization library and command line tools for logs. (Cuckoo, Procmon, more to come...) Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser. Domain Analysis Inspect domains and IP addresses. Censys - Domain and DNS enumeration Tool Desenmascara.me - One click tool to retrieve as much metadata as possible for a website and to assess its good standing. Dig - Free online dig and other network tools. dnstwist - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage.DNSdumpster - Domain name enumeration IPinfo - Gather information about an IP or domain by searching online resources. Machinae - OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator. mailchecker - Cross-language temporary email detection library. MaltegoVT - Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports. Multi rbl - Multiple DNS blacklist and forward confirmed reverse DNS lookup over more than 300 RBLs. [Sublistr] (https://github.com/aboul3la/Sublist3r) - Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. SenderBase - Search for IP, domain or network owner. SpamCop - IP based spam block list. SpamHaus - Block list based on domains and IPs. Sucuri SiteCheck - Free Website Malware and Security Scanner. TekDefense Automater - OSINT tool for gathering information about URLs, IPs, or hashes. URLQuery - Free URL Scanner. Whois - DomainTools free online whois search. Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser. ZScalar Zulu - Zulu URL Risk Analyzer. Browser Malware Analyze malicious URLs. See also the domain analysis and documents and shellcode sections. Firebug - Firefox extension for web development. Java Decompiler - Decompile and inspect Java apps. Java IDX Parser - Parses Java IDX cache files. JSDetox - JavaScript malware analysis tool. jsunpack-n - A javascript unpacker that emulates browser functionality. Krakatau - Java decompiler, assembler, and disassembler. Malzilla - Analyze malicious web pages. RABCDAsm - A "Robust ActionScript Bytecode Disassembler." swftools - Tools for working with Adobe Flash files. xxxswf - A Python script for analyzing Flash files. Documents and Shellcode Analyze malicious JS and shellcode from PDFs and Office documents. See also the browser malware section. AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious. box-js - A tool for studying JavaScript malware, featuring JScript/WScript support and ActiveX emulation. diStorm - Disassembler for analyzing malicious shellcode. JS Beautifier - JavaScript unpacking and deobfuscation. JS Deobfuscator - Deobfuscate simple Javascript that use eval or document.write to conceal its code. libemu - Library and tools for x86 shellcode emulation. malpdfobj - Deconstruct malicious PDFs into a JSON representation. OfficeMalScanner - Scan for malicious traces in MS Office documents. olevba - A script for parsing OLE and OpenXML documents and extracting useful information. Origami PDF - A tool for analyzing malicious PDFs, and more. PDF Tools - pdfid, pdf-parser, and more from Didier Stevens. PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY. peepdf - Python tool for exploring possibly malicious PDFs. QuickSand - QuickSand is a compact C framework to analyze suspected malware documents to identify exploits in streams of different encodings and to locate and extract embedded executables. Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS. File Carving For extracting files from inside disk and memory images. bulk_extractor - Fast file carving tool. EVTXtract - Carve Windows Event Log files from raw binary data. Foremost - File carving tool designed by the US Air Force. Hachoir - A collection of Python libraries for dealing with binary files. Scalpel - Another data carving tool. Deobfuscation Reverse XOR and other code obfuscation methods. Balbuzard - A malware analysis tool for reversing obfuscation (XOR, ROL, etc) and more. de4dot - .NET deobfuscator and unpacker. ex_pe_xor & iheartxor - Two tools from Alexander Hanel for working with single-byte XOR encoded files. FLOSS - The FireEye Labs Obfuscated String Solver uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries. NoMoreXOR - Guess a 256 byte XOR key using frequency analysis. PackerAttacker - A generic hidden code extractor for Windows malware. unpacker - Automated malware unpacker for Windows malware based on WinAppDbg. unxor - Guess XOR keys using known-plaintext attacks. VirtualDeobfuscator - Reverse engineering tool for virtualization wrappers. XORBruteForcer - A Python script for brute forcing single-byte XOR keys. XORSearch & XORStrings - A couple programs from Didier Stevens for finding XORed data. xortool - Guess XOR key length, as well as the key itself. Debugging and Reverse Engineering Disassemblers, debuggers, and other static and dynamic analysis tools. angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab. bamfdetect - Identifies and extracts information from bots and other malware. BAP - Multiplatform and open source (MIT) binary analysis framework developed at CMU's Cylab. BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework. binnavi - Binary analysis IDE for reverse engineering based on graph visualization. Binwalk - Firmware analysis tool. Bokken - GUI for Pyew and Radare. (mirror) Capstone - Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages. codebro - Web based code browser using clang to provide basic code analysis. dnSpy - .NET assembly editor, decompiler and debugger. Evan's Debugger (EDB) - A modular debugger with a Qt GUI. Fibratus - Tool for exploration and tracing of the Windows kernel. FPort - Reports open TCP/IP and UDP ports in a live system and maps them to the owning application. GDB - The GNU debugger. GEF - GDB Enhanced Features, for exploiters and reverse engineers. hackers-grep - A utility to search for strings in PE executables including imports, exports, and debug symbols. IDA Pro - Windows disassembler and debugger, with a free evaluation version. Immunity Debugger - Debugger for malware analysis and more, with a Python API. ltrace - Dynamic analysis for Linux executables. objdump - Part of GNU binutils, for static analysis of Linux binaries. OllyDbg - An assembly-level debugger for Windows executables. PANDA - Platform for Architecture-Neutral Dynamic Analysis PEDA - Python Exploit Development Assistance for GDB, an enhanced display with added commands. pestudio - Perform static analysis of Windows executables. plasma - Interactive disassembler for x86/ARM/MIPS. PPEE (puppy) - A Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail. Process Explorer - Advanced task manager for Windows. Process Monitor - Advanced monitoring tool for Windows programs. PSTools - Windows command-line tools that help manage and investigate live systems. Pyew - Python tool for malware analysis. Radare2 - Reverse engineering framework, with debugger support. RetDec - Retargetable machine-code decompiler with an online decompilation service and API that you can use in your tools. ROPMEMU - A framework to analyze, dissect and decompile complex code-reuse attacks. SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis. strace - Dynamic analysis for Linux executables. Triton - A dynamic binary analysis (DBA) framework. Udis86 - Disassembler library and tool for x86 and x86_64. Vivisect - Python tool for malware analysis. X64dbg - An open-source x64/x32 debugger for windows. Network Analyze network interactions. Bro - Protocol analyzer that operates at incredible scale; both file and network protocols. BroYara - Use Yara rules from Bro. CapTipper - Malicious HTTP traffic explorer. chopshop - Protocol analysis and decoding framework. Fiddler - Intercepting web proxy designed for "web debugging." Hale - Botnet C&C monitor. Haka - An open source security oriented language for describing protocols and applying security policies on (live) captured traffic. INetSim - Network service emulation, useful when building a malware lab. Laika BOSS - Laika BOSS is a file-centric malware analysis and intrusion detection system. Malcom - Malware Communications Analyzer. Maltrail - A malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails and featuring an reporting and analysis interface. mitmproxy - Intercept network traffic on the fly. Moloch - IPv4 traffic capturing, indexing and database system. NetworkMiner - Network forensic analysis tool, with a free version. ngrep - Search through network traffic like grep. PcapViz - Network topology and traffic visualizer. Tcpdump - Collect network traffic. tcpick - Trach and reassemble TCP streams from network traffic. tcpxtract - Extract files from network traffic. Wireshark - The network traffic analysis tool. Memory Forensics Tools for dissecting malware in memory images or running systems. BlackLight - Windows/MacOS forensics client supporting hiberfil, pagefile, raw memory analysis DAMM - Differential Analysis of Malware in Memory, built on Volatility evolve - Web interface for the Volatility Memory Forensics Framework. FindAES - Find AES encryption keys in memory. Muninn - A script to automate portions of analysis using Volatility, and create a readable report. Rekall - Memory analysis framework, forked from Volatility in 2013. TotalRecall - Script based on Volatility for automating various malware analysis tasks. VolDiff - Run Volatility on memory images before and after malware execution, and report changes. Volatility - Advanced memory forensics framework. VolUtility - Web Interface for Volatility Memory Analysis framework. WinDbg - Live memory inspection and kernel debugging for Windows systems. Windows Artifacts AChoir - A live incident response script for gathering Windows artifacts. python-evt - Python library for parsing Windows Event Logs. python-registry - Python library for parsing registry files. RegRipper (GitHub) - Plugin-based registry analysis tool. Storage and Workflow Aleph - OpenSource Malware Analysis Pipeline System. CRITs - Collaborative Research Into Threats, a malware and threat repository. Malwarehouse - Store, tag, and search malware. Polichombr - A malware analysis platform designed to help analysts to reverse malwares collaboratively. stoQ - Distributed content analysis framework with extensive plugin support, from input to output, and everything in between. Viper - A binary management and analysis framework for analysts and researchers. Miscellaneous al-khaser - A PoC malware with good intentions that aimes to stress anti-malware systems. Binarly - Search engine for bytes in a large corpus of malware. DC3-MWCP - The Defense Cyber Crime Center's Malware Configuration Parser framework. MalSploitBase - A database containing exploits used by malware. Malware Museum - Collection of malware programs that were distributed in the 1980s and 1990s. Pafish - Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do. REMnux - Linux distribution and docker images for malware reverse engineering and analysis. Santoku Linux - Linux distribution for mobile forensics, malware analysis, and security. Resources Books Essential malware analysis reading material. Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code. Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software. Real Digital Forensics - Computer Security and Incident Response The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory. The IDA Pro Book - The Unofficial Guide to the World's Most Popular Disassembler. The Rootkit Arsenal - The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System Twitter Some relevant Twitter accounts. Adamb @Hexacorn Andrew Case @attrc Binni Shah @binitamshah Claudio @botherder Dustin Webber @mephux Glenn @hiddenillusion jekil @jekil Jurriaan Bremer @skier_t Lenny Zeltser @lennyzeltser Liam Randall @hectaman Mark Schloesser @repmovsb Michael Ligh (MHL) @iMHLv2 Monnappa @monnappa22 Open Malware @OpenMalware Richard Bejtlich @taosecurity Volatility @volatility Other APT Notes - A collection of papers and notes related to Advanced Persistent Threats. File Formats posters - Nice visualization of commonly used file format (including PE & ELF). Honeynet Project - Honeypot tools, papers, and other resources. Kernel Mode - An active community devoted to malware analysis and kernel development. Malicious Software - Malware blog and resources by Lenny Zeltser. Malware Analysis Search - Custom Google search engine from Corey Harrell. Malware Analysis Tutorials - The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learning practical malware analysis. Malware Samples and Traffic - This blog focuses on network traffic related to malware infections. Practical Malware Analysis Starter Kit - This package contains most of the software referenced in the Practical Malware Analysis book. RPISEC Malware Analysis - These are the course materials used in the Malware Analysis course at at Rensselaer Polytechnic Institute during Fall 2015. WindowsIR: Malware - Harlan Carvey's page on Malware. Windows Registry specification - Windows registry file format specification. /r/csirt_tools - Subreddit for CSIRT tools and resources, with a malware analysis flair. /r/Malware - The malware subreddit. /r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware. https://github.com/wtsxDev/Malware-Analysis
-
- 2