Dumpulator – An Easy-To-Use Library For Emulating Memory Dumps. Useful For Malware Analysis (Config Extraction, Unpacking) And Dynamic Analysis In General (Sandboxing)

Note: This is a work-in-progress prototype, please treat it as such. Pull requests are welcome! You can get your feet wet with good first issues. An easy-to-use library for emulating code in minidump files. Here are some links to posts/videos using dumpulator: Introduction video with OALabs: Dumpulator – Using Binary Emulation To Automate Reverse Engineering

Graphicator – A GraphQL Enumeration And Extraction Tool

[*] Graphicator is a GraphQL “scraper” / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. Once such queries are created, it uses them to send requests to the endpoint and saves the returned

CAPEv2 – Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction – hence its name is an acronym: ‘Config And Payload Extraction’. Automated unpacking allows classification based on Yara signatures to complement network (Suricata) and behavior (API) signatures. There is a free community instance online

SlackPirate – Slack Enumeration And Extraction Tool – Extract Sensitive Information From A Slack Workspace

This is a tool developed in Python which uses the native Slack APIs to extract ‘interesting’ information from a Slack workspace given an access token. As of May 2018, Slack has over 8 million customers and that number is rapidly rising – the integration and ‘ChatOps’ possibilities are endless and allow teams (not just developers!)
