Security Analysis

A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.

Schneier on Security provides expert analysis and commentary on a wide range of security issues.

Laika BOSS is a scalable object scanner and intrusion detection system that extracts child objects, applies security flags, and generates metadata from files for security analysis.

A project focusing on understanding and combating threats to the Internet economy and net citizens.

A Python wrapper for the Libemu library that enables shellcode analysis and malicious code examination through programmatic interfaces.

A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

A bash script that analyzes executable files to check security properties like PIE, RELRO, canaries, ASLR, and Fortify Source protections.

FARA is a repository of purposefully erroneous Yara rules for training security analysts.

SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.

A tool that checks if domains are present in Alexa or Cisco top one million domain lists for reputation assessment and threat analysis.

Inspeckage is a dynamic analysis tool for Android applications that provides runtime behavior monitoring through API hooking and real-time system interaction tracking.

Python 3 tool for parsing Yara rules with ongoing development.

Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.

A Ruby-based tool that creates visual diagrams of AWS EC2 security group configurations to help understand network access patterns and security relationships.

A tool that generates YARA rules to search for specific terms within base64-encoded malware samples by enumerating all possible encoding variations.

rpCheckup is an AWS resource policy security analysis tool that identifies public, external, intra-organizational, and private resource access patterns across AWS accounts.

Androwarn performs static analysis of Android applications using Dalvik bytecode examination to detect and report potentially malicious behaviors.

FLOSS is a static analysis tool that automatically extracts and deobfuscates hidden strings from malware binaries using advanced analysis techniques.

yextend extends Yara's functionality by automatically handling archived and compressed content inflation, enabling pattern matching on files buried within multiple layers of archives.

msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.