Tag Archives: malware analysis

CSE Releases Malware Analysis Tool

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/10/cse_releases_ma.html

The Communications Security Establishment of Canada — basically, Canada’s version of the NSA — has released a suite of malware analysis tools:

Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is given a score, which lets analysts sort old, familiar threats from the new and novel attacks that typically require a closer, more manual approach to analysis.

sheep-wolf – Exploit MD5 Collisions For Malware Detection

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/ZBPMdkZzgOc/

sheep-wolf is a tool to help you Exploit MD5 Collisions in software, especially malware samples, which are commonly detected using MD5 hash signatures. and then a malicious one (Wolf) that has the same MD5 hash. Please use this code to test if the security products in your reach use MD5 internally to fingerprint binaries and […]

Read the full post at darknet.org.uk

PowerShellArsenal – PowerShell For Reverse Engineering

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/hGNq4wBWMBA/

PowerShellArsenal is basically PowerShell for reverse engineering in a module format. The module can be used to disassemble managed and unmanaged code, perform .NET malware analysis, analyse/scrape memory, parse file formats and memory structures, obtain internal system information, etc. PowerShellArsenal is comprised of the following tools:…

Read the full post at darknet.org.uk

Androguard – Reverse Engineering & Malware Analysis For Android

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/6-3ScpU6zF8/

Androguard is a toolkit built in Python which provides reverse engineering and malware analysis for Android. It's built to examine:
* Dex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation),
* APK (Android application) (.apk),
* Android's binary xml (.xml) and
* Android Resources (.arsc).
Androguard is available for Linux/OSX/Windows…

Read the full post at darknet.org.uk

CuckooDroid – Automated Android Malware Analysis

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/8NVjl2VcmJs/

CuckooDroid is an extension of Cuckoo Sandbox, the Open Source software for automating analysis of suspicious files, for Android malware analysis. CuckooDroid brings to Cuckoo the capabilities of execution and analysis of Android applications. CuckooDroid provides both static and dynamic APK inspection as well as evading certain VM-detection…

Read the full post at darknet.org.uk

Cuckoo Sandbox – Automated Malware Analysis System

Post Syndicated from Darknet original http://feedproxy.google.com/~r/darknethackers/~3/iMc00VXgeMk/

Cuckoo Sandbox is Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behaviour of the malicious processes while running in an isolated environment. In other words, you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide […]

Read the full post at darknet.org.uk