Tag: malware

Forensics, Malware Analysis

Automater – IP URL and MD5 OSINT Analysis

Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal. Options …

Honeypot, Malware Analysis

Glastopf – Web Application Honeypot

Glastopf is a honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: reply with the correct response to the attacker exploiting the web application. This tool is designed to capture information on the latest web application attacks using a scalable and easy to deploy …

Disassembling, Reverse Engineering

Windows Disassembler for 64-bit & 32-bit Programs

PEBrowse64 Professional (v6.3) is a 64-bit executable and requires the .NET framework. It will display both Win32 and Win64 executables, native, managed and mixed. PEBrowse Professional (v10.1.4) is a static-analysis tool and disassembler for Win32/Win64 executables and Microsoft .NET assemblies. With the PEBrowse disassembler, one can open and examine any executable without the need to …

Forensics, Malware Analysis, Reverse Engineering

Dump running Win32 process memory image

User Mode Process Dumper ver. 8.1 (userdump) dumps the memory image of any running Win32 process (including system processes such as csrss.exe, winlogon.exe, services.exe, etc.) on the fly, without attaching a debugger or terminating the target process. The generated dump file can be analyzed or debugged using the standard debugging tools. The userdump generates the dump file by several …

Honeypot, Malware Analysis

A Simple Elasticsearch Honeypot

ElasticHoney is a simple Elasticsearch honeypot designed to catch attackers exploiting RCE vulnerabilities in Elasticsearch. How it works: this honeypot is pretty simple. It takes requests on the /, /_search, and /_nodes endpoints and returns a JSON response that is identical to a vulnerable ES instance (should be identical – I took the responses straight …

Forensics

Computer Forensic Imaging Software

Forensic Imager is a Windows-based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats: DD/RAW (Linux “Disk Dump”), AFF (Advanced Forensic Format), and E01 (EnCase®). Forensic Imager provides three separate functions. Acquire: the acquire option is used to take a forensic image (an exact …

Malware Analysis

FileAlyzer – Analyze files – Read PE information

FileAlyzer is a tool to analyze files – the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources …