Malware Analysis

PINT is a PIN tool that enables Lua scripting for Intel's PIN dynamic instrumentation framework, allowing researchers to inject custom code during binary analysis processes.

Fnord is a pattern extraction tool that analyzes obfuscated code using sliding window techniques to identify frequent byte sequences and generate experimental YARA rules for malware analysis.

An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.

Binkit is a binary analysis tool that merged with DarunGrim and incorporates its analysis algorithms, currently in internal testing before official release.

BinaryAlert is an open-source serverless AWS pipeline that automatically scans files uploaded to S3 buckets with YARA rules and generates immediate alerts when malware is detected.

Android Loadable Kernel Modules for reversing and debugging on controlled systems/emulators.

HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.

A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.

Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.

A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.

Yabin creates Yara signatures from malware to find similar samples.

Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.

A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.

Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.

An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.

FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.

Automatic YARA rule generation for malware repositories.

A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.

A collection of YARA rules designed to identify files containing sensitive information such as usernames, passwords, and credit card numbers for penetration testing and forensic analysis.

CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.

Email security platform for Microsoft 365 with threat protection

Malware sandbox for executing malicious files in an isolated environment with advanced features.

Strelka is a real-time, container-based file scanning system that performs file extraction and metadata collection at enterprise scale for threat hunting, detection, and incident response.