Security Analysis

A cloud security analysis tool that creates digital twins of AWS environments using graph databases to identify attack paths and security misconfigurations through automated and manual rule-based assessments.

RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.

DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.

A report on detecting lateral movement through tracking event logs, updated to include analysis of various tools and commands used by attackers.

Tool for visualizing correspondences between YARA ruleset and samples

DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.

A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

A Python tool that analyzes AWS CloudTrail data to summarize IAM principal activities, API calls, regions, IP addresses, and user agents with configurable timeframes and visualization options.

A command-line tool that extracts manifest and configuration data from Docker registry images for security analysis and reconnaissance purposes.

CFRipper is a security analyzer for AWS CloudFormation templates that identifies vulnerabilities and misconfigurations before cloud deployment.

A Node.js tool that analyzes HTTP security headers on websites to identify missing or problematic security configurations.

A static analysis tool that detects Common Weakness Enumerations (CWEs) in ELF binaries across multiple CPU architectures using Ghidra-based disassembly and various analysis techniques.

A tool that enables Yara rule execution against compressed malware samples, supporting GZip, BZip2, and LZMA formats without manual decompression.

FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.

A command-line tool that analyzes local CloudTrail files to detect off-instance AWS key usage patterns for security monitoring and forensic analysis.

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.

Schneier on Security provides expert analysis and commentary on a wide range of security issues.

Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.

A project focusing on understanding and combating threats to the Internet economy and net citizens.

A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.