Malware Analysis

DroidBox is a dynamic analysis framework for Android applications that monitors runtime behavior, network activity, file operations, and security events while generating behavioral visualizations.

JD-GUI is a graphical Java decompiler that reconstructs and displays source code from compiled ".class" files for reverse engineering and code analysis purposes.

Educational resource analyzing the structure and implementation of malicious packages in software ecosystems, with focus on JavaScript/NPM threat models.

Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.

Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.

A process scanning tool that detects and dumps malicious implants, shellcodes, hooks, and memory patches in running processes.

RetDec is an LLVM-based decompiler that converts machine code from various architectures and file formats back into readable C-like source code for reverse engineering and malware analysis.

ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.

A C library that enables cross-platform execution of functions from stripped binaries using file names, offsets, and function signatures.

A Python telnet honeypot that emulates shell environments to capture and analyze IoT malware and botnet binaries through automated detection mechanisms.

A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.

An Open Source solution for management of Threat Intelligence at scale, integrating multiple analyzers and malware analysis tools.

CAPA is a static analysis tool that detects and reports capabilities in executable files across multiple formats, mapping findings to MITRE ATT&CK tactics and techniques.

A javascript malware analysis tool with backend code execution.

A declarative language for describing binary data structures that compiles into parsers for multiple programming languages.

Leading open source automated malware analysis system.

Educational resources for reverse engineering tutorials by lena151.

A multithreaded YARA scanner for incident response or malware zoos.

A collaborative malware analysis framework with various features for automated analysis tasks.

Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

MalConfScan is a Volatility plugin for extracting configuration data of known malware and analyzing memory images.

Halogen automates the creation of YARA rules based on image files embedded in malicious documents to assist in threat detection and identification.

Compact C framework for analyzing suspected malware documents and detecting exploits and embedded executables.