Explore 65 curated tools and resources
DIANNA is an AI-powered cybersecurity companion from Deep Instinct that analyzes and explains unknown threats, offering malware analysis and translating code intent into natural language.
An open-source binary debugger for Windows with a comprehensive plugin system for malware analysis and reverse engineering.
A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.
Interactive malware hunting service with live access to the heart of an incident.
A malware/botnet analysis framework with a focus on network analysis and process comparison.
A malware processing and analytics tool that utilizes Pig, Django, and Elasticsearch to analyze and visualize malware data.
Drltrace is a dynamic API calls tracer for Windows and Linux applications.
A semi-automatic tool to generate YARA rules from virus samples.
CRITs is an open source malware and threat repository for collaborative threat defense and analysis.
A honeypot designed to detect and analyze malicious activities in instant messaging platforms.
Generate Yara rules from function basic blocks in x64dbg.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
A modified version of Cuckoo Sandbox with enhanced features and capabilities.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A collection of YARA rules for research and hunting purposes.
Java code implementing the AutoYara algorithm for automatic Yara rule generation from input samples.
Free training sessions on Reverse Engineering, Malware Analysis, and Exploit Development.
Android security virtual machine with updated tools and frameworks for reverse engineering and malware analysis.
Malscan is a tool to scan process memory for YARA matches and execute Python scripts.
Automate the process of writing YARA rules based on executable code within malware.
Android Loadable Kernel Modules for reversing and debugging on controlled systems/emulators.
HoneyDrive is the premier honeypot Linux distro with over 10 pre-installed honeypot software packages and numerous analysis tools.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
Holistic malware analysis platform with interactive sandbox, static analyzer, and emulation capabilities.
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Yabin creates Yara signatures from malware to find similar samples.
Interactive online malware sandbox for real-time analysis and threat intelligence.
Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.
Automatic YARA rule generation for malware repositories.
Tool for decompressing malware samples to run Yara rules against them.
Malware sandbox for executing malicious files in an isolated environment with advanced features.
Platform for uploading, searching, and downloading malware samples.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
SAST and malware analysis tool for Android APKs with detailed scan information.
A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.
FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.
A static analysis framework for extracting key characteristics from various file formats.
Python wrapper for the Libemu library for analyzing shellcode.
Automatic analysis of malware behavior using machine learning.
A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.
A tool for quick and effective Yara rule creation to isolate malware families and malicious objects.
StringSifter is a machine learning tool for automatically ranking strings for malware analysis.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
Hyara is a plugin that simplifies writing YARA rules with various convenient features.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
A JavaScript malware analysis tool with backend code execution.
Leading open source automated malware analysis system.
Educational resources for reverse engineering tutorials by lena151.
A multithreaded YARA scanner for incident response or malware zoos.
A collaborative malware analysis framework with various features for automated analysis tasks.
A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.
MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.
Automatically create YARA rules based on images embedded in Office documents.
Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.
FLARE Obfuscated String Solver (FLOSS) automatically extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Binary analysis and management framework for organizing malware and exploit samples.
Blazingly fast Yara queries for malware analysts with an analyst-friendly web GUI.
Revelo is an experimental JavaScript deobfuscator tool with features to analyze and deobfuscate JavaScript code.
A comprehensive guide to malware analysis and reverse engineering, covering topics such as lab setup, debugging, and anti-debugging.
Open Source Intelligence solution for threat intelligence data enrichment and quick analysis of suspicious files or malware.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.