Tai-e – An Easy-To-Learn/Use Static Analysis Framework For Java

Tai-e What is Tai-e? Tai-e (Chinese: 太阿; pronunciation: [ˈtaɪə:]) is a new static analysis framework for Java (please see our technical report for details), which features arguably the “best” designs from both the novel ones we proposed and those of classic frameworks such as Soot, WALA, Doop, and SpotBugs. Tai-e is easy-to-learn, easy-to-use, efficient, andRead More

Fuzzable – Framework For Automating Fuzzable Target Discovery With Static Analysis

Framework for Automating Fuzzable Target Discovery with Static Analysis. Introduction Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer. This is important as it automates the bughunting process and reveals exploitable conditions in targets quickly. However, when encountering large and complex codebasesRead More

DotDumper – An Automatic Unpacker And Logger For DotNet Framework Targeting Files

An automatic unpacker and logger for DotNet Framework targeting files! This tool has been unveiled at Black Hat USA 2022. The automatic detection and classification of any given file in a reliable manner is often considered the holy grail of malware analysis. The trials and tribulations to get there are plenty, which is why theRead More

Subparse – Modular Malware Analysis Artifact Collection And Correlation Framework

Subparse, is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine, parsing modules, and a variety of enrichers thatRead More

Aftermath – A Free macOS IR Framework

Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can be deployed from an MDM (ideally), but it can also run independently from the infected user’s command line. Aftermath first runs a series of modules forRead More

Havoc – Modern and malleable post-exploitation command and control framework

Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider. Havoc is in an early state of release. Breaking changes may be made to APIs/core structures as the framework matures.   Support Consider supporting C5pider on Patreon/Github Sponsors. Additional features are planned for supporters in the future, such as custom agents/plugins/commands/etc.Read More

TeamFiltration – Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally since January 2021 and was publicly released in my talk “TakingRead More

Threatest – Threatest Is A Go Framework For End-To-End Testing Threat Detection Rules

Threatest is a Go framework for testing threat detection end-to-end. Threatest allows you to detonate an attack technique, and verify that the alert you expect was generated in your favorite security platform. Read the announcement blog post: https://securitylabs.datadoghq.com/articles/threatest-end-to-end-testing-threat-detection/ Concepts Detonators A detonator describes how and where an attack technique is executed. Supported detonators: Local commandRead More

Usbsas – Tool And Framework For Securely Reading Untrusted USB Mass Storage Devices

usbsas is a free and open source (GPLv3) tool and framework for securely reading untrusted USB mass storage devices. Description Following the concept of defense in depth and the principle of least privilege, usbsas’s goal is to reduce the attack surface of the USB stack. To achieve this, most of the USB related tasks (parsingRead More