VolatilityBot
VolatilityBot automates binary extraction and memory analysis, including detecting code injections and strings.
Redexer is a reengineering tool that manipulates Android app binaries. This tool is able to parse a DEX file into an in-memory data structure; to infer with which parameters the app uses certain permissions (we name this feature RefineDroid); to modify and unparse that data structure to produce an output DEX file (we name these features Dr. Android, which stands for Dalvik Rewriting for Android). Publications Dr. Android and Mr. Hide: Fine-grained Permissions in Android Applications. Jinseong Jeon, Kristopher K. Micinski, Jeffrey A. Vaughan, Ari Fogel, Nikhilesh Reddy, Jeffrey S. Foster, and Todd Millstein. In ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM '12), Oct 2012. Requirements OCaml and Ruby This tool is tested under OCaml 4.09.0 and Ruby 1.8.6(7), so you need to install them (or higher versions of them). OCaml package/library manager and SHA library To manipulate a SHA-1 signature (hash) in the DEX format, we utilize OCaml SHA library via ocamlfind/findlib, an OCaml library manager. The easiest way to install both is using OPAM, an OCaml package manager, which has both packages---OPAM ocamlfind and OPAM sha. You can also build and/
VolatilityBot automates binary extraction and memory analysis, including detecting code injections and strings.
A collection of Yara rules for detecting malware evasion techniques
Online Java decompiler tool with support for modern Java features.
A simple Python script to test for a hypothetical JWT vulnerability
Fuzzilli is a JavaScript engine fuzzer that helps identify vulnerabilities in JavaScript engines.
Repository of YARA rules for Trellix ATR blogposts and investigations