From 67aef882288291fe8fcddbfd06c891aa2abaef38 Mon Sep 17 00:00:00 2001 From: Patrik Hudak Date: Sat, 16 Apr 2016 13:37:35 +0200 Subject: [PATCH 1/3] Add tools --- README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 61b3644..5f0f0f8 100644 --- a/README.md +++ b/README.md @@ -260,10 +260,12 @@ A curated list of awesome malware analysis tools and resources. Inspired by much metadata as possible for a website and to assess its good standing. * [Dig](http://networking.ringofsaturn.com/) - Free online dig and other network tools. +* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage * [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information about an IP or domain by searching online resources. * [Machinae](https://github.com/hurricanelabs/machinae) - OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator. +* [mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language temporary email detection library * [MaltegoVT](https://github.com/jiachongzhi/MaltegoVT) - Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports. @@ -296,6 +298,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by malware analysis tool. * [jsunpack-n](https://github.com/urule99/jsunpack-n) - A javascript unpacker that emulates browser functionality. +* [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler, assembler, and disassembler * [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages. * [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust ActionScript Bytecode Disassembler." 
@@ -418,6 +421,7 @@ the [browser malware](#browser-malware) section.* Assistance for GDB, an enhanced display with added commands. * [pestudio](https://winitor.com/) - Perform static analysis of Windows executables. +* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS * [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) - Advanced monitoring tool for Windows programs. * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware @@ -428,7 +432,7 @@ the [browser malware](#browser-malware) section.* plugin for Sublime 3 to aid with malware analyis. * [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for Linux executables. -* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework. +* [Triton](http://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework. * [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool for x86 and x86_64. * [Vivisect](https://github.com/vivisect/vivisect) - Python tool for @@ -449,9 +453,10 @@ the [browser malware](#browser-malware) section.* * [Fiddler](http://www.telerik.com/fiddler) - Intercepting web proxy designed for "web debugging." * [Hale](https://github.com/pjlantz/Hale) - Botnet C&C monitor. +* [Haka](http://www.haka-security.org/) - Haka is an open source security oriented language which allows to describe protocols and apply security policies on (live) captured traffic * [INetSim](http://www.inetsim.org/) - Network service emulation, useful when building a malware lab. -* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric +* [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric malware analysis and intrusion detection system. * [Malcom](https://github.com/tomchop/malcom) - Malware Communications Analyzer. 
@@ -481,6 +486,7 @@ the [browser malware](#browser-malware) section.* * [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of Malware in Memory, built on Volatility +* [evolve](https://github.com/JamesHabben/evolve) - Web interface for the Volatility Memory Forensics Framework * [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES encryption keys in memory. * [Muninn](https://github.com/ytisf/muninn) - A script to automate portions @@ -493,6 +499,7 @@ the [browser malware](#browser-malware) section.* images before and after malware execution, and report changes. * [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced memory forensics framework. +* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for Volatility Memory Analysis framework * [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live memory inspection and kernel debugging for Windows systems. @@ -514,6 +521,7 @@ the [browser malware](#browser-malware) section.* Pipeline System. * [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a malware and threat repository. +* [Laika BOSS](https://github.com/lmco/laikaboss) - Object Scanning System * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and search malware. * [Viper](http://viper.li/) - A binary management and analysis framework for @@ -569,6 +577,7 @@ the [browser malware](#browser-malware) section.* * [APT Notes](https://github.com/kbandla/APTnotes) - A collection of papers and notes related to Advanced Persistent Threats. +* [File Formats posters](https://github.com/corkami/pics) - Nice visualization of commonly used file format (including PE & ELF) * [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and other resources. * [Kernel Mode](http://www.kernelmode.info/forum/) - An active community devoted to 
@@ -586,6 +595,7 @@ the [browser malware](#browser-malware) section.* Institute during Fall 2015. * [WindowsIR: Malware](http://windowsir.blogspot.com/p/malware.html) - Harlan Carvey's page on Malware. +* [Windows Registry specification](https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md) - Windows registry file format specification * [/r/csirt_tools](https://www.reddit.com/r/csirt_tools/) - Subreddit for CSIRT tools and resources, with a [malware analysis](https://www.reddit.com/r/csirt_tools/search?q=flair%3A%22Malware%20analysis%22&sort=new&restrict_sr=on) flair. From 8375efddf2d49685b097f9e5f791607a78cb060e Mon Sep 17 00:00:00 2001 From: Patrik Hudak Date: Sun, 17 Apr 2016 22:16:33 +0200 Subject: [PATCH 2/3] Build failure fixed --- README.md | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 5f0f0f8..5496ffc 100644 --- a/README.md +++ b/README.md 
@@ -260,12 +260,14 @@ A curated list of awesome malware analysis tools and resources. Inspired by much metadata as possible for a website and to assess its good standing. * [Dig](http://networking.ringofsaturn.com/) - Free online dig and other network tools. -* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation engine for detecting typo squatting, phishing and corporate espionage +* [dnstwist](https://github.com/elceef/dnstwist) - Domain name permutation +engine for detecting typo squatting, phishing and corporate espionage. * [IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information about an IP or domain by searching online resources. * [Machinae](https://github.com/hurricanelabs/machinae) - OSINT tool for gathering information about URLs, IPs, or hashes. Similar to Automator. -* [mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language temporary email detection library +* [mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language +temporary email detection library. * [MaltegoVT](https://github.com/jiachongzhi/MaltegoVT) - Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports. @@ -298,7 +300,8 @@ A curated list of awesome malware analysis tools and resources. Inspired by malware analysis tool. * [jsunpack-n](https://github.com/urule99/jsunpack-n) - A javascript unpacker that emulates browser functionality. -* [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler, assembler, and disassembler +* [Krakatau](https://github.com/Storyyeller/Krakatau) - Java decompiler, +assembler, and disassembler. * [Malzilla](http://malzilla.sourceforge.net/) - Analyze malicious web pages. * [RABCDAsm](https://github.com/CyberShadow/RABCDAsm) - A "Robust ActionScript Bytecode Disassembler." 
@@ -421,7 +424,8 @@ the [browser malware](#browser-malware) section.* Assistance for GDB, an enhanced display with added commands. * [pestudio](https://winitor.com/) - Perform static analysis of Windows executables. -* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS +* [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for +x86/ARM/MIPS. * [Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) - Advanced monitoring tool for Windows programs. * [Pyew](https://github.com/joxeankoret/pyew) - Python tool for malware @@ -453,7 +457,9 @@ the [browser malware](#browser-malware) section.* * [Fiddler](http://www.telerik.com/fiddler) - Intercepting web proxy designed for "web debugging." * [Hale](https://github.com/pjlantz/Hale) - Botnet C&C monitor. -* [Haka](http://www.haka-security.org/) - Haka is an open source security oriented language which allows to describe protocols and apply security policies on (live) captured traffic +* [Haka](http://www.haka-security.org/) - Haka is an open source security +oriented language which allows to describe protocols and apply security +policies on (live) captured traffic. * [INetSim](http://www.inetsim.org/) - Network service emulation, useful when building a malware lab. * [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric @@ -486,7 +492,8 @@ the [browser malware](#browser-malware) section.* * [DAMM](https://github.com/504ensicsLabs/DAMM) - Differential Analysis of Malware in Memory, built on Volatility -* [evolve](https://github.com/JamesHabben/evolve) - Web interface for the Volatility Memory Forensics Framework +* [evolve](https://github.com/JamesHabben/evolve) - Web interface for the +Volatility Memory Forensics Framework. * [FindAES](http://jessekornblum.livejournal.com/269749.html) - Find AES encryption keys in memory. * [Muninn](https://github.com/ytisf/muninn) - A script to automate portions 
@@ -499,7 +506,8 @@ the [browser malware](#browser-malware) section.* images before and after malware execution, and report changes. * [Volatility](https://github.com/volatilityfoundation/volatility) - Advanced memory forensics framework. -* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for Volatility Memory Analysis framework +* [VolUtility](https://github.com/kevthehermit/VolUtility) - Web Interface for +Volatility Memory Analysis framework. * [WinDbg](https://msdn.microsoft.com/en-us/windows/hardware/hh852365) - Live memory inspection and kernel debugging for Windows systems. @@ -521,7 +529,6 @@ the [browser malware](#browser-malware) section.* Pipeline System. * [CRITs](https://crits.github.io/) - Collaborative Research Into Threats, a malware and threat repository. -* [Laika BOSS](https://github.com/lmco/laikaboss) - Object Scanning System * [Malwarehouse](https://github.com/sroberts/malwarehouse) - Store, tag, and search malware. * [Viper](http://viper.li/) - A binary management and analysis framework for @@ -577,7 +584,8 @@ the [browser malware](#browser-malware) section.* * [APT Notes](https://github.com/kbandla/APTnotes) - A collection of papers and notes related to Advanced Persistent Threats. -* [File Formats posters](https://github.com/corkami/pics) - Nice visualization of commonly used file format (including PE & ELF) +* [File Formats posters](https://github.com/corkami/pics) - Nice visualization +of commonly used file format (including PE & ELF). * [Honeynet Project](http://honeynet.org/) - Honeypot tools, papers, and other resources. * [Kernel Mode](http://www.kernelmode.info/forum/) - An active community devoted to 
@@ -595,7 +603,7 @@ the [browser malware](#browser-malware) section.* Institute during Fall 2015. * [WindowsIR: Malware](http://windowsir.blogspot.com/p/malware.html) - Harlan Carvey's page on Malware. -* [Windows Registry specification](https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md) - Windows registry file format specification +* [Windows Registry specification](https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md) - Windows registry file format specification. * [/r/csirt_tools](https://www.reddit.com/r/csirt_tools/) - Subreddit for CSIRT tools and resources, with a [malware analysis](https://www.reddit.com/r/csirt_tools/search?q=flair%3A%22Malware%20analysis%22&sort=new&restrict_sr=on) flair. From 3e6e63dde138a9fe33b95d2fe99c679f79f1c890 Mon Sep 17 00:00:00 2001 From: Patrik Hudak Date: Sun, 17 Apr 2016 22:21:19 +0200 Subject: [PATCH 3/3] Fix the enisa link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5496ffc..a7bda15 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ A curated list of awesome malware analysis tools and resources. Inspired by * [AbuseHelper](https://github.com/abusesa/abusehelper) - An open-source framework for receiving and redistributing abuse feeds and threat intel. * [Combine](https://github.com/mlsecproject/combine) - Tool to gather Threat Intelligence indicators from publicly available sources. -* [IntelMQ](https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation) - +* [IntelMQ](https://www.enisa.europa.eu/topics/csirt-cert-services/community-projects/incident-handling-automation) - A tool for CERTs for processing incident data using a message queue. * [IOC Editor](https://www.fireeye.com/services/freeware/ioc-editor.html) - A free editor for XML IOC files.
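Review bot: In patch 1/3, hunk @@ -260 (dnstwist and mailchecker), the two new entries break the list's conventions: every neighbouring entry ends with a period and is wrapped at roughly 80 columns, while these are single long lines without a terminating period (patch 2/3 later fixes exactly this, so the series would be cleaner if patch 1 carried the wrapped form from the start). The mailchecker description, "Cross-language temporary email detection library", also does not say what the tool contributes to domain or malware analysis; a few words on the use case would stop it from looking out of place next to Dig, IPinfo and Machinae.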
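Review bot: In patch 1/3, hunk @@ -428 (Triton), the removed and added lines are textually identical, so this is a whitespace-only change (most likely a trailing space) that the subject "Add tools" does not announce; the same applies to the Laika BOSS line in hunk @@ -449. Either fold such cleanups into a separate commit or mention them in the message so a reader of the history is not left diffing two identical lines.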
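Review bot: In patch 1/3, hunk @@ -449 (Haka), the description reads as copied boilerplate and is ungrammatical ("which allows to describe protocols"); the other entries use a terse imperative or noun phrase. Suggest: `* [Haka](http://www.haka-security.org/) - Open source security-oriented language for describing protocols and applying security policies to (live) captured traffic.`, wrapped like its neighbours.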
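Review bot: In patch 1/3, hunk @@ -514, Laika BOSS is added to the storage/workflow section with the description "Object Scanning System", yet the same project is already listed in the network section shown in hunk @@ -449 with a different description ("file-centric malware analysis and intrusion detection system"). One tool with two inconsistent one-liners in two sections is confusing; keep the fuller entry and, if a cross-reference is wanted, reuse that wording. Patch 2/3 removes the duplicate again, so the addition in patch 1 should simply be dropped from the series.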
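Review bot: In patch 1/3, hunk @@ -569 (File Formats posters), and still in patch 2/3, hunk @@ -577, the description has a number-agreement error, "commonly used file format", where the plural "file formats" is meant; "Nice visualization" is also subjective for a curated list. Suggest `Visualizations of commonly used file formats (including PE and ELF).`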
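Review bot: In patch 2/3, hunk @@ -595 (Windows Registry specification), the only change is the added period; the entry remains one very long line whose description merely repeats the link text, whereas every other entry in this commit was rewrapped. Since the URL cannot be broken, put the description on the following line and make it say something the title does not, for example what the document covers (the on-disk regf hive format), so the entry is consistent with the rest of the "Build failure fixed" cleanup.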
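Review bot: In patch 2/3, hunk @@ -521, deleting the Laika BOSS entry is a content change, not a formatting fix, but the commit subject "Build failure fixed" gives no hint of it and does not say which check failed (line length, missing periods, or a duplicate-entry check). State the failing check and mention the removed duplicate in the message, or split the deletion into its own commit.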