Malware Analysis

A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.

CRITs is an open source malware and threat repository for collaborative threat defense and analysis.

A honeypot designed to detect and analyze malicious activities in instant messaging platforms.

Ghidra is an NSA-developed software reverse engineering framework that provides disassembly, decompilation, and analysis tools for examining compiled code across multiple platforms and processor architectures.

Generate Yara rules from function basic blocks in x64dbg.

An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.

Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.

A GNU Emacs editor mode that provides syntax highlighting, indentation, and language server integration for editing YARA rule files.

PLASMA is an interactive disassembler that generates readable assembly code with colored syntax for reverse engineering binary files across multiple architectures and formats.

A modified version of Cuckoo Sandbox with enhanced features and capabilities.

A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.

A command-line tool that visually displays YARA rule matches, regex matches, and hex patterns in binary data with colored output and configurable context bytes.

UDcide is an Android malware analysis tool that detects and removes specific malicious behaviors from malware samples while preserving the binary for investigation purposes.

A collection of YARA rules for research and hunting purposes.

A Python 3 tool for analyzing XOR-encrypted data that can guess key lengths and decrypt XOR ciphers based on character frequency analysis.

VxSig is a Google-developed tool that automatically generates antivirus byte signatures from similar binaries for Yara and ClamAV detection engines.

Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.

AutoYara is a Java tool that automatically generates YARA rules from malware samples using biclustering algorithms to help analysts create detection rules for malware families.

A .NET assembly debugger and editor that enables reverse engineering and dynamic analysis of compiled .NET applications without source code access.

PyIntelOwl is a Python SDK and CLI client for interacting with IntelOwl's threat intelligence API to submit files and observables for automated security analysis.

An OCaml Ctypes wrapper for the YARA matching engine that enables malware identification capabilities in OCaml applications.

Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.

Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.

Malscan is a tool to scan process memory for YARA matches and execute Python scripts.