MSI Dump – A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner

MSI Dump – a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSIRead More

QRExfiltrate – Tool That Allows You To Convert Any Binary File Into A QRcode Movie. The Data Can Then Be Reassembled Visually Allowing Exfiltration Of Data In Air Gapped Systems

This tool is a command line utility that allows you to convert any binary file into a QRcode GIF. The data can then be reassembled visually allowing exfiltration of data in air gapped systems. It was designed as a proof of concept to demonstrate weaknesses in DLP software; that is, the assumption that data willRead More

Yaralyzer – Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors

Visually inspect all of the regex matches (and their sexier, more cloak and dagger cousins, the YARA matches) found in binary data and/or text. See what happens when you force various character encodings upon those matched bytes. With colors. Quick Start pipx install yaralyzer# Scan against YARA definitions in a file:yaralyze –yara-rules /secret/vault/sigmunds_malware_rules.yara lacan_buys_the_dip.pdf# ScanRead More

Patching – An Interactive Binary Patching Plugin For IDA Pro

Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow designed for rapid iteration. This project is currently powered by a minorRead More

MUI – A GUI Plugin For Binary Ninja To Easily Interact With And View The Progress Of Manticore

With the Manticore User Interface (MUI) project, we provide a graphical user interface plugin for Binary Ninja to allow users to easily interact with and view progress of the Manticore symbolic execution engine for analysis of smart contracts and native binaries. ATTENTION This project is under active development and may be unstable or unusable. PleaseRead More

FormatFuzzer – A Framework For High-Efficiency, High-Quality Generation And Parsing Of Binary Inputs

FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. >From a binary template for GIF, for instance, FormatFuzzer produces a GIF generator – also known asRead More

RottenPotatoNG – A C++ DLL And Standalone C++ Binary – No Need For Meterpreter Or Other Tools

New version of RottenPotato as a C++ DLL and standalone C++ binary – no need for meterpreter or other tools. RottenPotatoDLL This project generates a DLL and EXE file. The DLL contains all the code necessary to perform the RottenPotato attack and get a handle to a privileged token. The MSFRottenPotatoTestHarness project simply shows exampleRead More

QueenSono – Golang Binary For Data Exfiltration With ICMP Protocol

QueenSono tool only relies on the fact that ICMP protocol isn’t monitored. It is quite common. It could also been used within a system with basic ICMP inspection (ie. frequency and content length watcher). Try to imitate PyExfil (and others) with the idea that the target machine does not necessary have python installed (so provideRead More

Karta – Source Code Assisted Fast Binary Matching Plugin For IDA

“Karta” (Russian for “Map”) is an IDA Python plugin that identifies and matches open-sourced libraries in a given binary. The plugin uses a unique technique that enables it to support huge binaries (>200,000 functions), with almost no impact on the overall performance. The matching algorithm is location-driven. This means that it’s main focus is toRead More