MSI Dump – A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner

MSI Dump – a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSIRead More

MacOSThreatTrack – Bash Tool Used For Proactive Detection Of Malicious Activity On macOS Systems

The tool is being tested in the beta phase, and it only gathers MacOS system information at this time. The code is poorly organized and requires significant improvements. Description Bash tool used for proactive detection of malicious activity on macOS systems. I was inspired by Venator-Swift and decided to create a bash version of theRead More

Sandfly-Entropyscan – Tool To Detect Packed Or Encrypt ed Binaries Related To Malware, Finds Malicious Files And Linux Processes And Gives Output With Cryptographic Hashes

What is sandfly-entropyscan? sandfly-entropyscan is a utility to quickly scan files or running processes and report on their entropy (measure of randomness) and if they are a Linux/Unix ELF type executable. Some malware for Linux is packed or encrypted and shows very high entropy. This tool can quickly find high entropy executable files and processesRead More

MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the same host, in which caseRead More

Vaas – Verdict-as-a-Service SDKs: Analyze Files For Malicious Content

Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware. ATTENTION: All SDKs are currently prototypes and under heavy construction! Integration of Malware Detection Easily integrate malware detectionRead More

Malicious-Pdf – Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality

Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Used for penetration testing and/or red-teaming etc. I created this tool because i needed a third party tool to generate a bunch of PDF files with various links. Usage python3 burp-collaborator-url Output will be written as: test1.pdf,Read More

Lnkbomb – Malicious Shortcut Generator For Collecting NTLM Hashes From Insecure File Shares

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester’s machine running Responder or smbserver to gather NTLMv1 or NTLMv2 hashes (depending on configuration of theRead More

Php-Malware-Finder – Detect Potentially Malicious PHP Files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells. The following list of encoders/obfuscators/webshells are also detected: Bantam Best PHP Obfuscator Carbylamine Cipher Design Cyklodev Joes Web Tools Obfuscator P.A.S PHP Jiami Php Obfuscator Encode SpinObf Weevely3 atomiku cobra obfuscator nano novahot phpencode tenncRead More

CVE-2021-40444 PoC – Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution) Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file) You need to install lcab first (sudo apt-get install lcab) Check for manual reproduce steps If your generated cab is not working, try pointingRead More

ARTIF – An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.

ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting, processing and correlating observables based on different factors.Read More