Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any […]
Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and […]
APITracker is a major update to our tool Malpimp. It follows the same methodology for hooking and reporting but with an enhanced feature set and more stable logging options. New to APITracker: 1.Server Logging: APItracker can send the api logs on the remote server so you don’t have to worry about ransomewares etc. 2.Parameters: APItracker […]
A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform the target for malware attacks, so it becomes important to analyze the Linux malwares. Today, there is a need to analyze Linux malwares in an automated way to understand its capabilities. Limon is a sandbox […]
Many times while doing memory analysis (or malware analysis) an analyst would be presented with lots of data and analyst has to manually find the malicious artifacts from that data which takes time and effort. This tool helps in solving that problem by comparing the results between the clean and infected memory images. This tool […]
PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programes Pefile, Pydbg and Volatility. The main aim of the project is to combine all the Malware Analysis related tools into a single interface for rapid analysis. PyMal have several wrapper functions to manipulate Executable […]
ExeScan is a console based tool to detect anomalies in PE (Portable Executable) files. It quickly scans given executable file and detect all kind of anomalies in its PE header fields including checksum verification’s, size of various header fields, improper size of raw data, non-ascii/empty section names etc. Various packers/protectors modify PE header to make reversing […]
Shell Detect is a tool to detect presence of Shell Code within a file or network stream. You can either provide raw binary file (such as generated from Metasploit or network stream file as input to this tool. These days attackers distribute malicious files which contains hidden exploit shell code. On opening such files, exploit shell […]
About Malpimp Malpimp is an advanced API tracing tool and designed to automate the reverse engineering process. In the backend it uses pydbg to hook the APIs. It provides include and exclude policies to increase the control on the application in execution. Being command-line tool makes it perfect for automation of malware as well as […]