cysinfo Goto Github PK

followers: 68.0 following: 0.0 repos: 9.0 gists: 0.0

Name: Cysinfo Team

Type: User

Cysinfo Team's Projects

ExeScan is the FREE console based tool to detect anomalies in PE (Portable Executable) files. It quickly scans given executable file and detect all kind of anomalies in its PE header fields including checksum verifications, size of various header fields, improper size of raw data, non-ascii/empty section names etc. Various packers/protectors modify PE header to make reversing harder. Sometimes anomalies in PE header may crash Debugging tools thereby blocking your attempt to reversing. Such anomalies can also make some of the GUI based PE analysis tools to fail to parse PE headers. In such cases ExeScan can come handy by helping you to quickly detect such anomalies. Then you can fix them and proceed to further analysis of malware. In addition to finding various anomalies, it can also detect packer/compiler used to pack/build the target executable file. Being console based tool, you can easily integrate it with your malware automation suite.

hollowfind

Hollowfind is a Volatility plugin to detect different types of process hollowing techniques used in the wild to bypass, confuse, deflect and divert the forensic analysis techniques. The plugin detects such attacks by finding discrepancy in the VAD and PEB, it also disassembles the address of entry point to detect any redirection attempts and also reports any suspicious memory regions which should help in detecting any injected code.

limon

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools

linux_mem_diff_tool

Script to perform Linux Memory Diff Analysis Using Volatility

malpimp

Malpimp is an advanced API tracing tool and designed to automate the reverse engineering process. In the backend it uses pydbg to hook the APIs. It provides include and exclude policies to increase the control on the application in execution. Being command-line tool makes it perfect for automation of malware as well as API tracing of normal applications. Currently it works on Windows XP & 2003 platforms only.

psinfo

Psinfo is a Volatility plugin which collects the process related information from the VAD (Virtual Address Descriptor) and PEB (Process Enivornment Block) and displays the collected information and suspicious memory regions for all the processes running on the system. This plugin should allow a security analyst to get the process related information and spot any process anamoly without having to run multiple plugins.

pymal

PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programes Pefile, Pydbg and Volatility.

shelldetect

Shell Detect is the FREE tool to detect presence of Shell Code within a file or network stream. You can either provide raw binary file (such as generated from Metasploit [Reference 4]) or network stream file as input to this tool.

cysinfo Goto Github PK

Cysinfo Team's Projects

api-tracker

exescan

hollowfind

limon

linux_mem_diff_tool

malpimp

psinfo

pymal

shelldetect

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent