Turning threat reports into detection insights with AI

Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...

ASTRIDE: A Security Threat Modeling Platform for Agentic-AI Applications

AI agent-based systems are becoming increasingly integral to modern software architectures, enabling autonomous decision-making, dynamic task execution, and multimodal interactions through large language models LLMs. However, these systems introduce novel and evolving security challenges, includi...

Improving Cybercrime Detection and Digital Forensics Investigations with Artificial Intelligence

According to a recent EUROPOL report, cybercrime is still recurrent in Europe, and different activities and countermeasures must be taken to limit, prevent, detect, analyze, and fight it. Cybercrime must be prevented with specific measures, tools, and techniques, for example through automated...

BWASP - BoB Web Application Security Project

The BoB Web Application Security Project BWASP is an open-source, analysis tool to support for Web Vulnerability Manual Analysis hackers. The BWASP tool basically provides predicted information through vulnerability analysis without proceeding with an attack. BWASP supports performing automated...

Sub3Suite - A Free, Open Source, Cross Platform Intelligence Gathering Tool

Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on variety of target types with many available features & tools. For more information checkout the documentation Screenshots...

What is fuzz testing? What is it used to test for?

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information FUZZ into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or...

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling...

Saferwall - A Hackable Malware Sandbox For The 21St Century

Saferwall is an open source malware analysis platform. It aims for the following goals: Provide a collaborative platform to share samples among malware researchers. Acts as a system expert, to help researchers generates an automated malware analysis report. Hunting platform to find new malwares...

HoneyBot - Capture, Upload And Analyze Network Traffic

HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently this library provides three scripts: capture-and-analyze.py - Capture on an interface for some period of time, and upload capture for analysis. upload-and-analyze.py - Upload and...

ABD - Course Materials For Advanced Binary Deobfuscation

Advanced Binary Deobfuscation This repository contains the course materials of Advanced Binary Deobfuscation at the Global Cybersecurity Camp GCC Tokyo in 2020. Course Abstract Reverse engineering is not easy, especially if a binary code is obfuscated. Once obfuscation performed, the binary would...

CAPE - Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of malware analysis with the goal of extracting payloads and configuration from malware. This allows CAPE to detect malware based on payload signatures, as well as automating many of the goals of malware...

AMIRA - Automated Malware Incident Response & Analysis

AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All : the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket,...

Internet Shortcut used in Necurs malspam campaign

The Necurs botnet continues to be one of the most prolific malicious spam distributors, with regular waves of carefully-crafted attachments that are used to download malware. The majority of malspam campaigns that we track are targeting Microsoft Office with documents containing either macros or...

Automated Android Malware Analysis: CuckooDroid

CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files. CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application. CuckooDroid is an automated, cross-platform, emulation and analysis framework based on...

Malware Evades Detection with Novel Technique

Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...

[SECURITY] Fedora 22 Update: satyr-0.18-1.fc22

Satyr is a library that can be used to create and process microreports. Microreports consist of structured data suitable to be analyzed in a fully automated manner, though they do not necessarily contain sufficient informa tion to fix the underlying problem. The reports are designed not to contai...

Segmentation violation when replacing ordered list elements — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that ca...

CrowdSource Tool Aims to Improve Automated Malware Analysis

When a new piece of malware surfaces, it’s typically analyzed eight ways from Sunday by a long list of antimalware and other security companies, government agencies, CERTs and other organizations who try to break it down and classify its capabilities. There’s a lot of duplicated effort there, and...

EMC Data Protection Advisor CXML Service Detection

The CXML service for EMC Data Protection Advisor, an automated analysis and alerting system for backup and replication infrastructure, was detected on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

Researchers Discovery Data-Stealing Malware That Likes to Nap

Researchers at FireEye’s Malware Intelligence Lab say they’ve found malware that attempts to evade detection with extended sleep calls and uses “the fast flux technique” to hide the attacker’s identity. They are calling the malicious downloader “Trojan Nap” and notes it uses a technique akin to t...