Thinkst Canarytokens Detector and Diffuser/Nullifier Logo

Thinkst Canarytokens Detector and Diffuser/Nullifier

0
Free
Visit Website

A simple script to detect and remove Canary Tokens. Installation (tested on MacOS 14): git clone https://github.com/referefref/canarytokendetector.git cd canarytokendetector brew install pdftk-java python3 python3-pip -y pip3 install pefile wget https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/master/disitool.py. Examples: Example running in directory, test-only mode with report output. Example running in nullify, verbose, directory mode (vdf). Background and warranty: I wrote this script to augment a chapter on a book I'm writing about deception technologies, specifically around detection mechanisms for tokens. The detections are simple signature-based detections which could easily be adjusted or randomized by Thinkst in the future. This exists as a PoC, and no warranty of any is provided for the use (or misuse) of this application. Your actions are your own. You execute this at your own risk.

FEATURES

ALTERNATIVES

YARA module for supporting DCSO format bloom filters with hashlookup capabilities.

Repository of scripts, signatures, and IOCs related to various malware analysis topics.

A tool that reveals invisible links within JavaScript files

A tool for reverse engineering Android apk files.

A command-line tool for identifying NoSQL injection vulnerabilities in MongoDB databases

A native Python cross-version decompiler and fragment decompiler.

Collection of slides, materials, demos, crackmes, and writeups from r2con-2017 conference.

Generates a YARA rule to match basic blocks of the current function in IDA Pro