Sean Wilson

Expert
@idiom

pftriage. Python tool and library to help analyze files during malware triage and analysis.

79

stackstack. Python

32

IRScripts. Incident Response Scripts

30

OLEPackagerFormat. OLE Package Format Documentation

23

activemime-format. ActiveMime File Format Documentation

19

hollows_hunter. A process scanner detecting and dumping hollowed PE modules.

3

capa. The FLARE team's open-source tool to identify capabilities in executable files.

3

Open-Source-YARA-rules. YARA Rules I come across on the internet

2

officeparser. Extract embedded files and macros from office documents.

2

nucleus. Clone of Nucleus function detector.

2

EmerSearch. Search Emercoin NVS records

2

al-khaser. Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

2

SiT. Simple Instruction Tracer

2

iocs. Machine-digestible malware indicators.

2

capa-rules. Standard collection of rules for capa: the tool for enumerating the capabilities of programs

1

Yara-detection-rules. Yara Rules for Modern Malware

1

vxsig. Automatically generate AV byte signatures from sets of similar binaries.

1

pefile. pefile is a Python module to read and work with PE (Portable Executable) files

1

phoenix. Cuckoo Sandbox is an automated dynamic malware analysis system

1

dirhistory. Remember previous directories in bash and define keyboard shortcuts to change current directory to previous/next entries in history.

1

flare-fakenet-ng. FakeNet-NG - Next Generation Dynamic Network Analysis Tool

1

signature-base. Signature base for my scanner tools

1

MISP. MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

1

capstone. Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.

1

malware_analysis. Various snippets created during malware analysis

1

unicorn. Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, X86)

1

elfesteem. Automatically exported from code.google.com/p/elfesteem

1

frida-python. Frida python bindings

1

binlex. A Binary Genetic Traits Lexer Framework

1

flare-floss. FireEye Labs Obfuscated String Solver - Automatically extract obfuscated strings from malware.

1

libpeconv. A small library for mapping and unmapping PE files.

1

flare-ida. IDA Pro utilities from FLARE team

1

ABD. Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories

1

yeti. Your Everyday Threat Intelligence

1

MalShare-Toolkit. Set of tools for interacting with Malshare

1

ADVobfuscator. Obfuscation library based on C++11/14 and metaprogramming

1

RunPE. Code that allows running another windows PE in the same address space as the host process.

1

idapython6to7. Python

1

smda. SMDA is a minimalist recursive disassembler library that is optimized for accurate Control Flow Graph (CFG) recovery from memory dumps.

1

LIEF. LIEF - Library to Instrument Executable Formats

1

gopep. Go Lang Portable Executable Parser

1

mlib. Your bag of handy codes for malware researchers

1

shiva. Spam Honeypot with Intelligent Virtual Analyzer

1

ollydbg-script. 收集一些ollydbg的脱壳脚本 collect some ollydbg scripts.

1

volatility. An advanced memory forensics framework

1

sems. Virtualbox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU, Analysis Tools Detection Tools

1

blip. Python

1

punbup. Python unbup script for McAfee .bup files (with some additional fun features). This script is fully implemented in python it's not just another wrapper around 7zip!

1

metasploit-framework. Metasploit Framework

1

dllinjector. dll injection tool that implements various methods

1

frida. Clone this repo to build Frida

1

yatp. Yet Another TNEF Parser

1
52
Apply