Malware Analysis

A Vim syntax-highlighting plugin for YARA rules that supports versions up to v4.3 and provides enhanced code readability for malware analysts.

In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

Bitscout is a Bash-based live OS constructor tool for building customizable forensic environments used in remote system triage, malware hunting, and digital forensics investigations.

A command-line string extraction utility for digital forensics that supports ASCII and Unicode string extraction from files and directories with pattern matching and filtering capabilities.

An IDA Pro plugin that uses YARA rules to automatically detect cryptographic constants and patterns in binary files during reverse engineering analysis.

A comprehensive guide to incident response, providing effective techniques for responding to advanced attacks against local and remote network resources.

Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.

OCyara performs OCR on images and PDF files to extract text content and scan it against Yara rules for malware detection.

FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.

PhoneyC is a client-side honeypot that emulates vulnerable web browsers to detect and analyze malicious web content and browser-based exploits.

A static analysis framework for extracting key characteristics from various file formats

A command-line tool for analyzing and extracting detailed information from Windows Portable Executable (PE) files.

A command-line tool that parses Google Protobuf encoded data without schema definitions and displays the content in a readable, colored format.

A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.

Hale is a modular botnet command and control monitoring tool that tracks C&C server communications across multiple protocols with web-based analysis interface and collaborative research capabilities.

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

A Windows context menu integration tool that scans files and folders for malware patterns, crypto signatures, and malicious documents using Yara rules and PEID signatures.

A collection of YARA rules specifically designed for forensic investigations and malware analysis, providing pattern matching capabilities for files and memory dumps.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

A collection of Python scripts that automate tasks and extend IDA Pro disassembler functionality for reverse engineering workflows.

Automatic analysis of malware behavior using machine learning.

A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.

A tool for deep analysis of malicious files using ClamAV and YARA rules, with features like scoring suspect files, building visual tree graphs, and extracting specific patterns.