malware-analysis
IDA Pro Binary Diffing Engine.
DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
Thorium is a highly scalable, distributed malware analysis and data generation framework. Thorium is designed to make cyber incident response, triage, and file analysis easier through the safe ingestion and storage of data, automation of analyses and easy access to stored analyses and metadata. Because of the sensitivity and potential maliciousness of data handled within Thorium, uploaded files are placed into an encrypted/neutered format called CaRT. After initial file upload, all analysis is conducted in sandboxed environments where protective measures and sanitization steps can be easily applied.
Malware sample exchange.
MalwareBazaar is a platform from abuse.ch and Spamhaus, dedicated to sharing malware samples with the infosec community, antivirus vendors, and threat intelligence providers. Upload malware samples and explore the database for valuable intelligence. Set alerts to track newly observed malware, use APIs to seamlessly push or pull signals, and automate bulk queries.
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
This repository is an open-source dataset of 5938 malicious software packages (and counting) identified by Datadog, as part of our security research efforts in software supply-chain security. Most of the malicious packages have been identified by GuardDog.
Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.
DLest is specifically designed to assist developers and malware analysts with the analysis and manipulation of exported functions in Portable Executable (PE) files, particularly DLLs. With DLest, you can easily enumerate exported functions using a variety of methods, including drag and drop, opening a folder, or recursively scanning a folder with regular expression filtering to only include PE files with specific export function names.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. MobSF can be used for a variety of use cases such as mobile application security, penetration testing, malware analysis, and privacy analysis. The Static Analyzer supports popular mobile app binaries like APK, IPA, APPX and source code. Meanwhile, the Dynamic Analyzer supports both Android and iOS applications and offers a platform for interactive instrumented testing, runtime data and network traffic analysis. MobSF seamlessly integrates with your DevSecOps or CI/CD pipeline, facilitated by REST APIs and CLI tools, enhancing your security workflow with ease.
Segugio allows the execution and tracking of critical steps in the malware detonation process, from clicking on the first stage to extracting the malware's final stage configuration. Segugio was created to address the need for speeding up the extraction of IoCs from malicious artifacts within the analysis environment. Malware analysis often involves time-consuming activities like static and dynamic analysis, which require extensive knowledge in reverse engineering and code analysis.
Malware analysis tool. Cuckoo3 is a Python 3 open source automated malware analysis system.
Cuckoo3 is an open-source tool to test suspicious files or links in a controlled environment. It runs them in one or more sandboxed platform emulators and generates a report showing what the files or websites did during the test.
A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission.