Deep Freeze is a backup and recovery software that protects your computer by disabling all changes made to the operating system. This software is useful for cases in which you don't wish to make permanent changes to your system or the documents stored. Netcat Tutorial:- Netcat, also known as the Swiss army knife for hackers.It’s a networking tool or a utility which is used to read and write data by initiating a connection over TCP and UDP port. In this post, we will learn how to use Netcat windows and netcat linux version. Using netcat, you can perform many tasks like transferring files, chatting, port scanning, setting up a backdoor.
Facebook icon download for mac. A curated list of awesome malware analysis tools and resources. Inspired byawesome-python andawesome-php.
- Malware Collection
- Open Source Threat Intelligence
- Resources
View Chinese translation: 恶意软件分析大合集.md.
Regshot Equivalent For Mac Shortcut
Malware Collection
Anonymizers
Web traffic anonymizers for analysts.
- Anonymouse.org - A free, web based anonymizer.
- OpenVPN - VPN software and hosting solutions.
- Privoxy - An open source proxy server with someprivacy features.
- Tor - The Onion Router, for browsing the webwithout leaving traces of the client IP.
Honeypots
Trap and collect your own samples.
- Conpot - ICS/SCADA honeypot.
- Cowrie - SSH honeypot, basedon Kippo.
- DemoHunter - Low interaction Distributed Honeypots.
- Dionaea - Honeypot designed to trap malware.
- Glastopf - Web application honeypot.
- Honeyd - Create a virtual honeynet.
- HoneyDrive - Honeypot bundle Linux distro.
- Honeytrap - Opensource system for running, monitoring and managing honeypots.
- MHN - MHN is a centralized server for management and data collection of honeypots. MHN allows you to deploy sensors quickly and to collect data immediately, viewable from a neat web interface.
- Mnemosyne - A normalizer forhoneypot data; supports Dionaea.
- Thug - Low interaction honeyclient, forinvestigating malicious websites.
Malware Corpora
Malware samples collected for analysis.
- Clean MX - Realtimedatabase of malware and malicious domains.
- Contagio - A collection of recentmalware samples and analyses.
- Exploit Database - Exploit and shellcodesamples.
- Infosec - CERT-PA - Malware samples collection and analysis.
- InQuest Labs - Evergrowing searchable corpus of malicious Microsoft documents.
- Javascript Mallware Collection - Collection of almost 40.000 javascript malware samples
- Malpedia - A resource providingrapid identification and actionable context for malware investigations.
- Malshare - Large repository of malware activelyscrapped from malicious sites.
- Open Malware Project - Sample information anddownloads. Formerly Offensive Computing.
- Ragpicker - Plugin based malwarecrawler with pre-analysis and reporting functionalities
- theZoo - Live malware samples foranalysts.
- Tracker h3x - Agregator for malware corpus trackerand malicious download sites.
- vduddu malware repo - Collection ofvarious malware files and source code.
- VirusBay - Community-Based malware repository and social network.
- ViruSign - Malware database that detected bymany anti malware programs except ClamAV.
- VirusShare - Malware repository, registrationrequired.
- VX Vault - Active collection of malware samples.
- Zeltser's Sources - A listof malware sample sources put together by Lenny Zeltser.
- Zeus Source Code - Source for the Zeustrojan leaked in 2011.
- VX Underground - Massive and growing collection of free malware samples.
Open Source Threat Intelligence
Tools
Harvest and analyze IOCs.
- AbuseHelper - An open-sourceframework for receiving and redistributing abuse feeds and threat intel.
- AlienVault Open Threat Exchange - Share andcollaborate in developing Threat Intelligence.
- Combine - Tool to gather ThreatIntelligence indicators from publicly available sources.
- Fileintel - Pull intelligence per file hash.
- Hostintel - Pull intelligence per host.
- IntelMQ -A tool for CERTs for processing incident data using a message queue.
- IOC Editor -A free editor for XML IOC files.
- iocextract - Advanced Indicatorof Compromise (IOC) extractor, Python library and command-line tool.
- ioc_writer - Python library forworking with OpenIOC objects, from Mandiant.
- MalPipe - Malware/IOC ingestion andprocessing engine, that enriches collected data.
- Massive Octo Spice -Previously known as CIF (Collective Intelligence Framework). Aggregates IOCsfrom various lists. Curated by theCSIRT Gadgets Foundation.
- MISP - Malware Information SharingPlatform curated by The MISP Project.
- Pulsedive - Free, community-driven threat intelligence platform collecting IOCs from open-source feeds.
- PyIOCe - A Python OpenIOC editor.
- RiskIQ - Research, connect, tag andshare IPs and domains. (Was PassiveTotal.)
- threataggregator -Aggregates security threats from a number of sources, including some ofthose listed below in other resources.
- ThreatConnect - TC Open allows you to see andshare open source threat data, with support and validation from our free community.
- ThreatCrowd - A search engine for threats,with graphical visualization.
- ThreatIngestor - Buildautomated threat intel pipelines sourcing from Twitter, RSS, GitHub, andmore.
- ThreatTracker - A Pythonscript to monitor and generate alerts based on IOCs indexed by a set ofGoogle Custom Search Engines.
- TIQ-test - Data visualizationand statistical analysis of Threat Intelligence feeds.
Other Resources
Threat intelligence and IOC resources.
- Autoshun (list) -Snort plugin and blocklist.
- Bambenek Consulting Feeds -OSINT feeds based on malicious DGA algorithms.
- Fidelis Barncat -Extensive malware config database (must request access).
- CI Army (list) -Network security blocklists.
- Critical Stack- Free Intel Market - Freeintel aggregator with deduplication featuring 90+ feeds and over 1.2M indicators.
- Cybercrime tracker - Multiple botnet active tracker.
- FireEye IOCs - Indicators of Compromiseshared publicly by FireEye.
- FireHOL IP Lists - Analytics for 350+ IP listswith a focus on attacks, malware and abuse. Evolution, Changes History,Country Maps, Age of IPs listed, Retention Policy, Overlaps.
- HoneyDB - Community driven honeypot sensor data collection and aggregation.
- hpfeeds - Honeypot feed protocol.
- Infosec - CERT-PA lists (IPs - Domains - URLs) - Blocklist service.
- InQuest REPdb - Continuous aggregation of IOCs from a variety of open reputation sources.
- InQuest IOCdb - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter.
- Internet Storm Center (DShield) - Diary andsearchable incident database, with a web API.(unofficial Python library).
- malc0de - Searchable incident database.
- Malware Domain List - Search and sharemalicious URLs.
- MetaDefender Threat Intelligence Feed -List of the most looked up file hashes from MetaDefender Cloud.
- OpenIOC - Framework for sharing threat intelligence.
- Proofpoint Threat Intelligence -Rulesets and more. (Formerly Emerging Threats.)
- Ransomware overview -A list of ransomware overview with details, detection and prevention.
- STIX - Structured Threat Information eXpression -Standardized language to represent and share cyber threat information.Related efforts from MITRE:
- SystemLookup - SystemLookup hosts a collection of lists that provide information onthe components of legitimate and potentially unwanted programs.
- ThreatMiner - Data mining portal for threatintelligence, with search.
- threatRECON - Search for indicators, up to 1000free per month.
- ThreatShare - C2 panel tracker
- Yara rules - Yara rules repository.
- YETI - Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository.
- ZeuS Tracker - ZeuSblocklists.
Detection and Classification
Antivirus and other malware identification tools
- AnalyzePE - Wrapper for avariety of tools for reporting on Windows PE files.
- Assemblyline - A scalabledistributed file analysis framework.
- BinaryAlert - An open source, serverlessAWS pipeline that scans and alerts on uploaded files based on a set ofYARA rules.
- capa - Detects capabilities in executable files.
- chkrootkit - Local Linux rootkit detection.
- ClamAV - Open source antivirus engine.
- Detect It Easy(DiE) - A program fordetermining types of files.
- Exeinfo PE - Packer, compressor detector, unpackinfo, internal exe tools.
- ExifTool - Read, write andedit file metadata.
- File Scanning Framework -Modular, recursive file scanning solution.
- fn2yara - FN2Yara is a tool to generateYara signatures for matching functions (code) in an executable program.
- Generic File Parser - A Single Library Parser to extract meta information,static analysis and detect macros within the files.
- hashdeep - Compute digest hashes witha variety of algorithms.
- HashCheck - Windows shell extensionto compute hashes with a variety of algorithms.
- Loki - Host based scanner for IOCs.
- Malfunction - Catalog andcompare malware at a function level.
- Manalyze - Static analyzer for PEexecutables.
- MASTIFF - Static analysisframework.
- MultiScanner - Modular filescanning/analysis framework
- Nauz File Detector(NFD) - Linker/Compiler/Tool detector for Windows, Linux and MacOS.
- nsrllookup - A tool for lookingup hashes in NIST's National Software Reference Library database.
- packerid - A cross-platformPython alternative to PEiD.
- PE-bear - Reversing tool for PEfiles.
- PEframe - PEframe is an open source tool to perform static analysis on Portable Executable malware and malicious MS Office documents.
- PEV - A multiplatform toolkit to work with PEfiles, providing feature-rich tools for proper analysis of suspicious binaries.
- PortEx - Java library to analyse PE files with a special focus on malware analysis and PE malformation robustness.
- Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
- Rootkit Hunter - Detect Linux rootkits.
- ssdeep - Compute fuzzy hashes.
- totalhash.py -Python script for easy searching of the TotalHash.cymru.comdatabase.
- TrID - File identifier.
- YARA - Pattern matching tool foranalysts.
- Yara rules generator - Generateyara rules based on a set of malware samples. Also contains a goodstrings DB to avoid false positives.
- Yara Finder - A simple tool to yara match the file against various yara rules to find the indicators of suspicion.
Online Scanners and Sandboxes
Web-based multi-AV scanners, and malware sandboxes for automated analysis.
- anlyz.io - Online sandbox.
- any.run - Online interactive sandbox.
- AndroTotal - Free online analysis of APKsagainst multiple mobile antivirus apps.
- AVCaesar - Malware.lu online scanner andmalware repository.
- BoomBox - Automatic deployment of CuckooSandbox malware lab using Packer and Vagrant.
- Cryptam - Analyze suspicious office documents.
- Cuckoo Sandbox - Open source, self hostedsandbox and automated analysis system.
- cuckoo-modified - Modifiedversion of Cuckoo Sandbox released under the GPL. Not merged upstream due tolegal concerns by the author.
- cuckoo-modified-api - APython API used to control a cuckoo-modified sandbox.
- DeepViz - Multi-format file analyzer withmachine-learning classification.
- detux - A sandbox developed to dotraffic analysis of Linux malwares and capturing IOCs.
- DRAKVUF - Dynamic malware analysissystem.
- firmware.re - Unpacks, scans and analyzes almost anyfirmware package.
- HaboMalHunter - An Automated MalwareAnalysis Tool for Linux ELF Files.
- Hybrid Analysis - Online malwareanalysis tool, powered by VxSandbox.
- Intezer - Detect, analyze, and categorize malware byidentifying code reuse and code similarities.
- IRMA - An asynchronous and customizableanalysis platform for suspicious files.
- Joe Sandbox - Deep malware analysis with Joe Sandbox.
- Jotti - Free online multi-AV scanner.
- Limon - Sandbox for Analyzing Linux Malware.
- Malheur - Automatic sandboxed analysisof malware behavior.
- malice.io - Massively scalable malware analysis framework.
- malsub - A Python RESTful API framework foronline malware and URL analysis services.
- Malware config - Extract, decode and display onlinethe configuration settings from common malwares.
- MalwareAnalyser.io - Online malware anomaly-based static analyser with heuristic detection engine powered by data mining and machine learning.
- Malwr - Free analysis with an online Cuckoo Sandboxinstance.
- MetaDefender Cloud - Scan a file, hash, IP, URL ordomain address for malware for free.
- NetworkTotal - A service that analyzespcap files and facilitates the quick detection of viruses, worms, trojans, and allkinds of malware using Suricata configured with EmergingThreats Pro.
- Noriben - Uses Sysinternals Procmon tocollect information about malware in a sandboxed environment.
- PacketTotal - PacketTotal is an online engine for analyzing .pcap files, and visualizing the network traffic within.
- PDF Examiner - Analyse suspicious PDF files.
- ProcDot - A graphical malware analysis tool kit.
- Recomposer - A helperscript for safely uploading binaries to sandbox sites.
- sandboxapi - Python library forbuilding integrations with several open source and commercial malware sandboxes.
- SEE - Sandboxed Execution Environment (SEE)is a framework for building test automation in secured Environments.
- SEKOIA Dropper Analysis - Online dropper analysis (Js, VBScript, Microsoft Office, PDF).
- VirusTotal - Free online analysis of malwaresamples and URLs
- Visualize_Logs - Open sourcevisualization library and command line tools for logs. (Cuckoo, Procmon, moreto come..)
- Zeltser's List - Freeautomated sandboxes and services, compiled by Lenny Zeltser.
Domain Analysis
Inspect domains and IP addresses.
- AbuseIPDB - AbuseIPDB is a project dedicatedto helping combat the spread of hackers, spammers, and abusive activity on the internet.
- badips.com - Community based IP blacklist service.
- boomerang - A tool designedfor consistent and safe capture of off network web resources.
- Cymon - Threat intelligence tracker, with IP/domain/hashsearch.
- Desenmascara.me - One click tool to retrieve asmuch metadata as possible for a website and to assess its good standing.
- Dig - Free online dig and othernetwork tools.
- dnstwist - Domain name permutationengine for detecting typo squatting, phishing and corporate espionage.
- IPinfo - Gather informationabout an IP or domain by searching online resources.
- Machinae - OSINT tool forgathering information about URLs, IPs, or hashes. Similar to Automator.
- mailchecker - Cross-languagetemporary email detection library.
- MaltegoVT - Maltego transformfor the VirusTotal API. Allows domain/IP research, and searching for filehashes and scan reports.
- Multi rbl - Multiple DNS blacklist and forwardconfirmed reverse DNS lookup over more than 300 RBLs.
- NormShield Services - Free API Servicesfor detecting possible phishing domains, blacklisted ip addresses and breachedaccounts.
- PhishStats - Phishing Statistics with search forIP, domain and website title
- Spyse - subdomains, whois, realted domains, DNS, hosts AS, SSL/TLS info,
- SecurityTrails - Historical and current WHOIS,historical and current DNS records, similar domains, certificate informationand other domain and IP related API and tools.
- SpamCop - IP based spam block list.
- SpamHaus - Block list based ondomains and IPs.
- Sucuri SiteCheck - Free Website Malwareand Security Scanner.
- Talos Intelligence - Search for IP, domainor network owner. (Previously SenderBase.)
- TekDefense Automater - OSINT toolfor gathering information about URLs, IPs, or hashes.
- URLhaus - A project from abuse.ch with the goalof sharing malicious URLs that are being used for malware distribution.
- URLQuery - Free URL Scanner.
- urlscan.io - Free URL Scanner & domain information.
- Whois - DomainTools free online whoissearch.
- Zeltser's List - Freeonline tools for researching malicious websites, compiled by Lenny Zeltser.
- ZScalar Zulu - Zulu URL Risk Analyzer.
Browser Malware
Analyze malicious URLs. See also the domain analysis anddocuments and shellcode sections.
- Bytecode Viewer - Combinesmultiple Java bytecode viewers and decompilers into one tool, includingAPK/DEX support.
- Firebug - Firefox extension for web development.
- Java Decompiler - Decompile and inspect Java apps.
- Java IDX Parser - Parses JavaIDX cache files.
- JSDetox - JavaScriptmalware analysis tool.
- jsunpack-n - A javascriptunpacker that emulates browser functionality.
- Krakatau - Java decompiler,assembler, and disassembler.
- Malzilla - Analyze malicious web pages.
- RABCDAsm - A 'RobustActionScript Bytecode Disassembler.'
- SWF Investigator -Static and dynamic analysis of SWF applications.
- swftools - Tools for working with Adobe Flashfiles.
- xxxswf - APython script for analyzing Flash files.
Documents and Shellcode
Analyze malicious JS and shellcode from PDFs and Office documents. See alsothe browser malware section.
- AnalyzePDF - A tool foranalyzing PDFs and attempting to determine whether they are malicious.
- box-js - A tool for studying JavaScriptmalware, featuring JScript/WScript support and ActiveX emulation.
- diStorm - Disassembler for analyzingmalicious shellcode.
- InQuest Deep File Inspection - Upload common malware lures for Deep File Inspection and heuristical analysis.
- JS Beautifier - JavaScript unpacking and deobfuscation.
- libemu - Library and tools for x86 shellcodeemulation.
- malpdfobj - Deconstruct malicious PDFsinto a JSON representation.
- OfficeMalScanner - Scan formalicious traces in MS Office documents.
- olevba - A script for parsing OLEand OpenXML documents and extracting useful information.
- Origami PDF - A tool foranalyzing malicious PDFs, and more.
- PDF Tools - pdfid,pdf-parser, and more from Didier Stevens.
- PDF X-Ray Lite - A PDF analysis tool,the backend-free version of PDF X-RAY.
- peepdf - Pythontool for exploring possibly malicious PDFs.
- QuickSand - QuickSand is a compact C frameworkto analyze suspected malware documents to identify exploits in streams of differentencodings and to locate and extract embedded executables.
- Spidermonkey -Mozilla's JavaScript engine, for debugging malicious JS.
File Carving
For extracting files from inside disk and memory images.
- bulk_extractor - Fast filecarving tool.
- EVTXtract - Carve WindowsEvent Log files from raw binary data.
- Foremost - File carving tool designedby the US Air Force.
- hachoir3 - Hachoir is a Python libraryto view and edit a binary stream field by field.
- Scalpel - Another data carvingtool.
- SFlock - Nested archiveextraction/unpacking (used in Cuckoo Sandbox).
Deobfuscation
Reverse XOR and other code obfuscation methods.
- Balbuzard - A malwareanalysis tool for reversing obfuscation (XOR, ROL, etc) and more.
- de4dot - .NET deobfuscator andunpacker.
- ex_pe_xor& iheartxor -Two tools from Alexander Hanel for working with single-byte XOR encodedfiles.
- FLOSS - The FireEye Labs ObfuscatedString Solver uses advanced static analysis techniques to automaticallydeobfuscate strings from malware binaries.
- NoMoreXOR - Guess a 256 byteXOR key using frequency analysis.
- PackerAttacker - A generichidden code extractor for Windows malware.
- PyInstaller Extractor -A Python script to extract the contents of a PyInstaller generated Windowsexecutable file. The contents of the pyz file (usually pyc files) presentinside the executable are also extracted and automatically fixed so that aPython bytecode decompiler will recognize it.
- uncompyle6 - A cross-versionPython bytecode decompiler. Translates Python bytecode back into equivalentPython source code.
- un{i}packer - Automatic andplatform-independent unpacker for Windows binaries based on emulation.
- unpacker - Automated malwareunpacker for Windows malware based on WinAppDbg.
- unxor - Guess XOR keys usingknown-plaintext attacks.
- VirtualDeobfuscator -Reverse engineering tool for virtualization wrappers.
- XORBruteForcer -A Python script for brute forcing single-byte XOR keys.
- XORSearch & XORStrings -A couple programs from Didier Stevens for finding XORed data.
- xortool - Guess XOR key length, aswell as the key itself.
Debugging and Reverse Engineering
Disassemblers, debuggers, and other static and dynamic analysis tools.
- angr - Platform-agnostic binary analysisframework developed at UCSB's Seclab.
- bamfdetect - Identifies and extractsinformation from bots and other malware.
- BAP - Multiplatform andopen source (MIT) binary analysis framework developed at CMU's Cylab.
- BARF - Multiplatform, opensource Binary Analysis and Reverse engineering Framework.
- binnavi - Binary analysis IDE forreverse engineering based on graph visualization.
- Binary ninja - A reversing engineering platformthat is an alternative to IDA.
- Binwalk - Firmware analysis tool.
- BluePill - Framework for executing and debugging evasive malware and protected executables.
- Capstone - Disassembly framework forbinary analysis and reversing, with support for many architectures andbindings in several languages.
- codebro - Web based code browser using clang to provide basic code analysis.
- Cutter - GUI for Radare2.
- DECAF (Dynamic Executable Code Analysis Framework)- A binary analysis platform based on QEMU. DroidScope is now an extension to DECAF.
- dnSpy - .NET assembly editor, decompilerand debugger.
- dotPeek - Free .NET Decompiler andAssembly Browser.
- Evan's Debugger (EDB) - Amodular debugger with a Qt GUI.
- Fibratus - Tool for explorationand tracing of the Windows kernel.
- FPort - Reportsopen TCP/IP and UDP ports in a live system and maps them to the owning application.
- GDB - The GNU debugger.
- GEF - GDB Enhanced Features, for exploitersand reverse engineers.
- Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
- hackers-grep - A utility tosearch for strings in PE executables including imports, exports, and debugsymbols.
- Hopper - The macOS and Linux Disassembler.
- IDA Pro - Windowsdisassembler and debugger, with a free evaluation version.
- IDR - Interactive Delphi Reconstructoris a decompiler of Delphi executable files and dynamic libraries.
- Immunity Debugger - Debugger formalware analysis and more, with a Python API.
- ILSpy - ILSpy is the open-source .NET assembly browser and decompiler.
- Kaitai Struct - DSL for file formats / network protocols /data structures reverse engineering and dissection, with code generationfor C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
- LIEF - LIEF provides a cross-platform libraryto parse, modify and abstract ELF, PE and MachO formats.
- ltrace - Dynamic analysis for Linux executables.
- mac-a-mal - An automated frameworkfor mac malware hunting.
- objdump - Part of GNU binutils,for static analysis of Linux binaries.
- OllyDbg - An assembly-level debugger for Windowsexecutables.
- OllyDumpEx - Dump memoryfrom (unpacked) malware Windows process and store raw or rebuild PE file.This is a plugin for OllyDbg, Immunity Debugger, IDA Pro, WinDbg, and x64dbg.
- PANDA - Platform for Architecture-NeutralDynamic Analysis.
- PEDA - Python Exploit DevelopmentAssistance for GDB, an enhanced display with added commands.
- pestudio - Perform static analysis of Windowsexecutables.
- Pharos - The Pharos binary analysis frameworkcan be used to perform automated static analysis of binaries.
- plasma - Interactivedisassembler for x86/ARM/MIPS.
- PPEE (puppy) - A Professional PE file Explorer forreversers, malware researchers and those who want to statically inspect PEfiles in more detail.
- Process Explorer -Advanced task manager for Windows.
- Process Hacker - Tool that monitorssystem resources.
- Process Monitor -Advanced monitoring tool for Windows programs.
- PSTools - Windowscommand-line tools that help manage and investigate live systems.
- Pyew - Python tool for malwareanalysis.
- PyREBox - Python scriptable reverseengineering sandbox by the Talos team at Cisco.
- QKD - QEMU with embedded WinDbgserver for stealth debugging.
- Radare2 - Reverse engineering framework, withdebugger support.
- RegShot - Registry compare utilitythat compares snapshots.
- RetDec - Retargetable machine-code decompiler with anonline decompilation service andAPI that you can use in your tools.
- ROPMEMU - A framework to analyze, dissectand decompile complex code-reuse attacks.
- Scylla Imports Reconstructor - Find and fixthe IAT of an unpacked / dumped PE32 malware.
- ScyllaHide - An Anti-Anti-Debug libraryand plugin for OllyDbg, x64dbg, IDA Pro, and TitanEngine.
- SMRT - Sublime Malware Research Tool, aplugin for Sublime 3 to aid with malware analyis.
- strace - Dynamic analysis forLinux executables.
- StringSifter - A machine learning toolthat automatically ranks strings based on their relevance for malware analysis.
- Triton - A dynamic binary analysis (DBA) framework.
- Udis86 - Disassembler library and toolfor x86 and x86_64.
- Vivisect - Python tool formalware analysis.
- WinDbg - multipurpose debugger for the Microsoft Windows computer operating system, used to debug user mode applications, device drivers, and the kernel-mode memory dumps.
- X64dbg - An open-source x64/x32 debugger for windows.
Network
Analyze network interactions.
- Bro - Protocol analyzer that operates at incrediblescale; both file and network protocols.
- BroYara - Use Yara rules from Bro.
- CapTipper - Malicious HTTP trafficexplorer.
- chopshop - Protocol analysis anddecoding framework.
- CloudShark - Web-based tool for packet analysisand malware traffic detection.
- FakeNet-NG - Next generationdynamic network analysis tool.
- Fiddler - Intercepting web proxy designedfor 'web debugging.'
- Hale - Botnet C&C monitor.
- Haka - An open source security orientedlanguage for describing protocols and applying security policies on (live)captured traffic.
- HTTPReplay - Library for parsingand reading out PCAP files, including TLS streams using TLS Master Secrets(used in Cuckoo Sandbox).
- INetSim - Network service emulation, useful whenbuilding a malware lab.
- Laika BOSS - Laika BOSS is a file-centricmalware analysis and intrusion detection system.
- Malcolm - Malcolm is a powerful, easilydeployable network traffic analysis tool suite for full packet capture artifacts(PCAP files) and Zeek logs.
- Malcom - Malware CommunicationsAnalyzer.
- Maltrail - A malicious trafficdetection system, utilizing publicly available (black)lists containingmalicious and/or generally suspicious trails and featuring an reportingand analysis interface.
- mitmproxy - Intercept network traffic on the fly.
- Moloch - IPv4 traffic capturing, indexingand database system.
- NetworkMiner - Networkforensic analysis tool, with a free version.
- ngrep - Search through network trafficlike grep.
- PcapViz - Network topology andtraffic visualizer.
- Python ICAP Yara - AnICAP Server with yara scanner for URL or content.
- Squidmagic - squidmagic is a tooldesigned to analyze a web-based network traffic to detect central commandand control (C&C) servers and malicious sites, using Squid proxy server andSpamhaus.
- Tcpdump - Collect network traffic.
- tcpick - Trach and reassemble TCP streamsfrom network traffic.
- tcpxtract - Extract files from networktraffic.
- Wireshark - The network traffic analysistool.
Memory Forensics
Tools for dissecting malware in memory images or running systems.
- BlackLight - Windows/MacOSforensics client supporting hiberfil, pagefile, raw memory analysis.
- DAMM - Differential Analysis ofMalware in Memory, built on Volatility.
- evolve - Web interface for theVolatility Memory Forensics Framework.
- FindAES - Find AESencryption keys in memory.
- inVtero.net - High speed memoryanalysis framework developed in .NET supports all Windows x64, includescode integrity and write support.
- Muninn - A script to automate portionsof analysis using Volatility, and create a readable report.
- Rekall - Memory analysis framework,forked from Volatility in 2013.
- TotalRecall - Script basedon Volatility for automating various malware analysis tasks.
- VolDiff - Run Volatility on memoryimages before and after malware execution, and report changes.
- Volatility - Advancedmemory forensics framework.
- VolUtility - Web Interface forVolatility Memory Analysis framework.
- WDBGARK -WinDBG Anti-RootKit Extension.
- WinDbg -Live memory inspection and kernel debugging for Windows systems.
Regshot Equivalent For Mac Os
Windows Artifacts
- AChoir - A live incident responsescript for gathering Windows artifacts.
- python-evt - Pythonlibrary for parsing Windows Event Logs.
- python-registry - Pythonlibrary for parsing registry files.
- RegRipper(GitHub) -Plugin-based registry analysis tool.
Storage and Workflow
- Aleph - Open Source Malware AnalysisPipeline System.
- CRITs - Collaborative Research Into Threats, amalware and threat repository.
- FAME - A malware analysisframework featuring a pipeline that can be extended with custom modules,which can be chained and interact with each other to perform end-to-endanalysis.
- Malwarehouse - Store, tag, andsearch malware.
- Polichombr - A malware analysisplatform designed to help analysts to reverse malwares collaboratively.
- stoQ - Distributed content analysisframework with extensive plugin support, from input to output, and everythingin between.
- Viper - A binary management and analysis framework foranalysts and researchers.
Miscellaneous
- al-khaser - A PoC malwarewith good intentions that aimes to stress anti-malware systems.
- CryptoKnight - Automated cryptographic algorithm reverse engineering and classification framework.
- DC3-MWCP -The Defense Cyber Crime Center's Malware Configuration Parser framework.
- FLARE VM - A fully customizable,Windows-based, security distribution for malware analysis.
- MalSploitBase - A databasecontaining exploits used by malware.
- Malware Museum - Collection ofmalware programs that were distributed in the 1980s and 1990s.
- Malware Organiser - A simple tool to organise large malicious/benign files into a organised Structure.
- Pafish - Paranoid Fish, a demonstrationtool that employs several techniques to detect sandboxes and analysisenvironments in the same way as malware families do.
- REMnux - Linux distribution and docker images formalware reverse engineering and analysis.
- Tsurugi Linux - Linux distribution designed to support your DFIR investigations, malware analysis and OSINT (Open Source INTelligence) activities.
- Santoku Linux - Linux distribution for mobileforensics, malware analysis, and security.
Books
Essential malware analysis reading material.
- Learning Malware Analysis - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware
- Malware Analyst's Cookbook and DVD -Tools and Techniques for Fighting Malicious Code.
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks
- Mastering Reverse Engineering - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
- Practical Malware Analysis - The Hands-OnGuide to Dissecting Malicious Software.
- Practical Reverse Engineering -Intermediate Reverse Engineering.
- Real Digital Forensics - ComputerSecurity and Incident Response.
- Rootkits and Bootkits - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- The Art of Memory Forensics - DetectingMalware and Threats in Windows, Linux, and Mac Memory.
- The IDA Pro Book - The Unofficial Guideto the World's Most Popular Disassembler.
- The Rootkit Arsenal - The Rootkit Arsenal:Escape and Evasion in the Dark Corners of the System
Other
- APT Notes - A collection of papersand notes related to Advanced Persistent Threats.
- Ember - Endgame Malware BEnchmark for Research,a repository that makes it easy to (re)create a machine learning model that can be usedto predict a score for a PE file based on static analysis.
- File Formats posters - Nice visualizationof commonly used file format (including PE & ELF).
- Honeynet Project - Honeypot tools, papers, andother resources.
- Kernel Mode - An active communitydevoted to malware analysis and kernel development.
- Malicious Software - Malwareblog and resources by Lenny Zeltser.
- Malware Analysis Search -Custom Google search engine from Corey Harrell.
- Malware Analysis Tutorials -The Malware Analysis Tutorials by Dr. Xiang Fu, a great resource for learningpractical malware analysis.
- Malware Analysis, Threat Intelligence and Reverse Engineering -Presentation introducing the concepts of malware analysis, threat intelligenceand reverse engineering. Experience or prior knowledge is not required. Labslink in description.
- Malware Persistence - Collectionof various information focused on malware persistence: detection (techniques),response, pitfalls and the log collection (tools).
- Malware Samples and Traffic - Thisblog focuses on network traffic related to malware infections.
- Malware Search+++ Firefox extension allowsyou to easily search some of the most popular malware databases
- Practical Malware Analysis Starter Kit -This package contains most of the software referenced in the Practical MalwareAnalysis book.
- RPISEC Malware Analysis - These are thecourse materials used in the Malware Analysis course at at Rensselaer PolytechnicInstitute during Fall 2015.
- WindowsIR: Malware - HarlanCarvey's page on Malware.
- Windows Registry specification -Windows registry file format specification.
- /r/csirt_tools - Subreddit for CSIRTtools and resources, with amalware analysis flair.
- /r/Malware - The malware subreddit.
- /r/ReverseEngineering -Reverse engineering subreddit, not limited to just malware.
Pull requests and issues with suggestions are welcome! Please read theCONTRIBUTING guidelines before submitting a PR.
This list was made possible by:
- Lenny Zeltser and other contributors for developing REMnux, where Ifound many of the tools in this list;
- Michail Hale Ligh, Steven Adair, Blake Hartstein, and Mather Richard forwriting the Malware Analyst's Cookbook, which was a big inspiration forcreating the list;
- And everyone else who has sent pull requests or suggested links to add here!
Thanks!
Cyber security is more important than ever these days. That is why it is important that you keep a close eye on your computer’s activity when trying to install MAMP or similar programs. There are several applications available to help you do just that. Installwatch Pro is one of many registry and file change detectors that can be downloaded straight to your computer. If you want an application that can help you track the activity on your computer, read below for a list of the most highly rated programs.
InstallWatch Pro
InstallWatch Pro is a freeware application made for Windows. Many users favor InstallWatch Pro because of its easy-to-read interface. Tweet oops oh my free download. InstallWatch Pro will compare the contents of your filesystem between two points in time of your choosing. Then, it will display the results in a standard Explorer window. This allows you to see additions, deletions and any modifications that were made to your files all at once. In addition to this function, InstallWatch Pro also has many other useful features that security-conscious computer users may enjoy, although, unfortunately, it does not have an app for your rooted phone yet. InstallWatch Pro includes a “Check for Updates” feature. This feature allows you to check in on your filesystem whenever you want. Additionally, you can relocate installations on your computer and export your filesystem reports to text, so that you will always have them laid out clearly. If you want a free and easy to use filesystem tracker, consider downloading InstallWatch Pro.
Free InstallWatch Pro
Beware of the many supposed free InstallWatch software downloads. As you surely know, there are many ways to get free versions of software on the web. This is even more true of an already free, open-source software like InstallWatch. However, these downloads can infect your computer with dangerous malware. Obviously, if you are downloading a program like InstallWatch, this is the last thing you want. Make sure to stay within reputable dealers when searching for your InstallWatch Pro software download.
SpyMe Tools
SpyMe Tools is another filesystem tracker that can keep you in the know when it comes to your computer. It is a portable program that has stood the test of time. Like Installwatch Pro, SpyMe Tools has an easy-to-read interface. However, SpyMe Tools has its drawbacks. Unlike Installwach Pro, it cannot show changes to files and registry at the same time. All apps for mac free download. Instead, it will give you a snapshot of your files and registry separately. This can be a drawback for those of you who want to be able to detect issues with your computer quickly and easily. Regardless, SpyMe Tools is a great option to test and compare your files and registry on the go, without having to worry about cost like you do with Dropbox pricing.
RegScanner
RegScanner is a troubleshooting software that will tell you everything you need to know about your recent registry activity after you clean up Mac or PC programs. With RegScanner, you can search for registry changes that happened anywhere within the past five minutes to the past year. The final report will show you exactly what keys, files and programs have been altered. Unfortunately, RegScanner cannot show you if a particular item has been accessed. If you are concerned about snoops or data theft, RegScanner may not be ideal for you. However, if you merely want to track changes in your registry, RegScanner can do that for free.
SysTracer
SysTracer is a system utility tool that will also scan and analyze your Toughbooks or other personal computers for file changes. Once it has detected changes in your system, SysTracer will provide you with a snapshot of the entire system. Alternatively, you can choose to view a snapshot of particular files or registries that you would like to focus on. SysTracer also has a Pro version that features added benefits. SysTracer Pro, like Installwatch Pro, allows you to export snapshots so that you can keep that information safe on paper or in a particular file format. Additionally, you can search for particular files or folders with SysTracer Pro. If you need a thorough software to watch over your computer, consider downloading SysTracer.
Regshot Unicode
Regshot is another useful program to help you track files before and after a program download. The utility has been around for quite a while, and is still a favorite of many techies. Regshot takes before and after snapshots of your computer’s system registry and uses the data to monitor file changes. However, this particular program is probably best left for advanced tech users. The customizable features may be a bit confusing for an inexperienced user. If you are a knowledgeable computer whiz, Regshot Unicode amy be the solution for you.
Installwatch Pro and several other file tracking programs can be extremely useful to computer users of all skill levels. If you want something easy to read and use, download Installwatch Pro. If that application is not right for you, there are plenty of other options, like a Prime95 download. SysTracer, RegScanner and SpyMe Tools are all reputable file and registry detectors as well. Do you already have a preferred tracking tool? Let us know what it is in the comments.
Photo from http://codedragon.tistory.com/940