48 results tagged
analysis
✕
glogg is a multi-platform GUI application to browse and search through long or complex log files. It is designed with programmers and system administrators in mind. glogg can be seen as a graphical, interactive combination of grep and less.
Hey there!
If you have been searching for a place to get started with
Reverse Engineering and get your hands dirty - you are in the right place :)
If you have been searching for a place to get started with
Reverse Engineering and get your hands dirty - you are in the right place :)
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports. This website gives you access to the Community Edition of Joe Sandbox Cloud. It allows you to run a maximum of 30 analyses / month, 3 analyses / day on Windows, Linux and Android with limited analysis output.
Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provide free access to the data.
We aim to make the fastest and most comprehensive free DNS lookup tool on the Internet.
Our database now contains billions of documents of internet data collected over more than a decade.
We aim to make the fastest and most comprehensive free DNS lookup tool on the Internet.
Our database now contains billions of documents of internet data collected over more than a decade.
Ce meetup a pour objectif de vous montrer en direct comment capturer et analyser vos premiers malwares, de la mise en place d'un pot de miel (honeypot) jusqu'à l'identification du serveur de contrôle.
Support and Recovery Assistant is a new tool that helps users troubleshoot and fix issues with various Office 365 apps and services. The app diagnoses common Outlook issues like account setup, connectivity issues, password issues, or Outlook stops responding or crashes. To identify the root cause of these issues, the app runs checks such as:
Checks licenses
Verifying users’ credentials and that Office 365 servers are reachable
Checks for updates to Outlook clients
Checks authentication
Network checks
Protocol checks
Depending on the test results, the tool can offer to automatically fix problems for users or provide instruction on recommended solutions. All the diagnostics results are saved in a log file for users to share with their Office 365 admin or support engineers for further investigation.
Checks licenses
Verifying users’ credentials and that Office 365 servers are reachable
Checks for updates to Outlook clients
Checks authentication
Network checks
Protocol checks
Depending on the test results, the tool can offer to automatically fix problems for users or provide instruction on recommended solutions. All the diagnostics results are saved in a log file for users to share with their Office 365 admin or support engineers for further investigation.
VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code.
Free Website Malware and Security Scanner:
Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.
Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.
File Analyzer detects and analyses potential malicious executables such as:
.exe (Executables, GUI, CUI, and all variants like PIF, SCR, CPL etc)
.dll (Dynamic Link Libraries)
.vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM etc)
.any (Available in Pro Version)
File Analyzer is based on Joe Sandbox Desktop which performs deep malware analysis. Compared to others Joe Sandbox performs static, dynamic, graph and hybrid analysis to get the most in-depth analysis possible. The captured behavior is rated and classified by one of the biggest behavior signature sets.
What about evasive malware? Joe Sandbox Desktop is the only solution which uses novel graph based algorithms to detect and spot evasive behavior. Checkout the behavior and execution graphs in the reports. To leave malware no choice for VM detection Joe Sandbox Desktop enables to analyze on bare-metal machines (e.g. on a Laptop or PC from your environment).
.exe (Executables, GUI, CUI, and all variants like PIF, SCR, CPL etc)
.dll (Dynamic Link Libraries)
.vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM etc)
.any (Available in Pro Version)
File Analyzer is based on Joe Sandbox Desktop which performs deep malware analysis. Compared to others Joe Sandbox performs static, dynamic, graph and hybrid analysis to get the most in-depth analysis possible. The captured behavior is rated and classified by one of the biggest behavior signature sets.
What about evasive malware? Joe Sandbox Desktop is the only solution which uses novel graph based algorithms to detect and spot evasive behavior. Checkout the behavior and execution graphs in the reports. To leave malware no choice for VM detection Joe Sandbox Desktop enables to analyze on bare-metal machines (e.g. on a Laptop or PC from your environment).
Malware Analysis Reports: Latest behavior analysis reports generated by Joe Sandbox
Check out our latest Analysis Reports of Evasive Malware
Windows
Android
Mac
iOS
Check out our latest Analysis Reports of Evasive Malware
Windows
Android
Mac
iOS
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.
Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.
Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON integrations with tools like existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other database become effortless. Suricata’s fast paced community driven development focuses on security, usability and efficiency.
The Suricata project and code is owned and supported by the Open Information Security Foundation (OISF), a non-profit foundation committed to ensuring Suricata’s development and sustained success as an open source project.
Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON integrations with tools like existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other database become effortless. Suricata’s fast paced community driven development focuses on security, usability and efficiency.
The Suricata project and code is owned and supported by the Open Information Security Foundation (OISF), a non-profit foundation committed to ensuring Suricata’s development and sustained success as an open source project.
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
This free malware analysis service is running VxStream Sandbox v6.70 in the backend. Supporting PE, Office, PDF, APK files and more (e.g. EML). Maximum upload size is 100 MB.
This free malware analysis service is running VxStream Sandbox v6.70 in the backend. Supporting PE, Office, PDF, APK files and more (e.g. EML). Maximum upload size is 100 MB.
This paper focuses on using the built-in tools already available in the Microsoft Windows operating system (OS). Central event log collection requires a Windows Server operating system version 2003 R2 or above. Many commercially available tools exist for central event log collection. Using a Windows Server 2008 R2 or above server version is recommended. There are no additional licensing costs for using the event log collection feature. The cost of using this feature is based on the amount of additional storage hardware needed to support the amount of log data collected. This factor is dependent on the number of workstations within the local log collection network.
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.
This was written solely for educational purposes. Use it at your own risk. The author will be not responsible for any damage. // r0073r
Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.
This was written solely for educational purposes. Use it at your own risk. The author will be not responsible for any damage. // r0073r
Learn about the latest online threats.
Share and collaborate in developing threat intelligence.
Protect yourself and the community against today’s latest threats.
At the heart of Open Threat Exchange is the pulse, an investigation of an online threat. Pulses describe any type of online threat including malware, fraud campaigns, and even state sponsored hacking.
Pulses are comprised of indicators of compromise (or IoCs), which describe the infrastructure of that threat – including IPs, file hashes, e-mail addresses affiliated with the threat, etc.
Share and collaborate in developing threat intelligence.
Protect yourself and the community against today’s latest threats.
At the heart of Open Threat Exchange is the pulse, an investigation of an online threat. Pulses describe any type of online threat including malware, fraud campaigns, and even state sponsored hacking.
Pulses are comprised of indicators of compromise (or IoCs), which describe the infrastructure of that threat – including IPs, file hashes, e-mail addresses affiliated with the threat, etc.
The Foofus.Net team is an assortment of security professionals and wannabes located somewhere in the Midwestern United States. This site exists to support the various tools and ideas that we’ve made public, along with aiding to fill our DefCon beer fund.
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
Having this as hobby project I usually have time to focus on following only single malware threat at a time - now I have main focus on Locky download sites. If I read some interesting whitepaper, I will probably import some links/hashes to tracker database here and there, but in general I do not verirify or follow on those. This site is considered to be mainly research platform and directly using the data for blacklisting is not recommended. At least you should make sure to filter out with some reasonable whitelist. For example if some malware will be connecting to for example 'http://google.com/70.exe?1' (as Teslacrypt did to query connection) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as PlugX samples d9af894d51ba61075c7cd329b0be52df, 02a175b81144b8fa22414e9cf281f71c did) then such links can be found in the listings of tracker although I am not saying the sites as such should be blocked.