482 Open source projects that are alternatives of or similar to DFIR_Resources_REvil_Kaseya

A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.

Awesome hacking is an awesome collection of hacking tools.

Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"

Volatility plugin for extracts configuration data of known malware

Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.

Malware Behavior Analyzer

Sandbox for automated Linux malware analysis.

KicomAV is an open source (GPL v2) antivirus engine designed for detecting malware and disinfecting it.

Taxonomies used in MISP taxonomy system and can be used by other information sharing tool.

Rootkits | Backdoors | Sniffers | Virus | Ransomware | Steganography | Cryptography | Shellcodes | Webshells | Keylogger | Botnets | Worms | Other Network Tools

Agile Sandbox for analyzing Windows, Linux and macOS malware and execution behaviors

C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends

Detect silent (unwanted) changes to files on your system

Pythonic ransomware proof of concept.

A simple auditing utility for macOS

Anteater - CI/CD Gate Check Framework

Collection of various malicious functionality to aid in malware development

DDoor - cross platform backdoor using dns txt records

Personal compilation of APT malware from whitepaper releases, documents and own research

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module

Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

RCEed version of computer malware / rootkit MyRTUs / Stuxnet.

Python network worm that spreads on the local network and gives the attacker control of these machines.

A C/C++ implementation of Microsoft's Antimalware Scan Interface

Python telnet honeypot for catching botnet binaries

Allows you to quickly query a Windows machine for RAM artifacts

Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application

AMWScan (PHP Antimalware Scanner) is a free tool to scan php files and analyze your project to find any malicious code inside it.

Malware samples, analysis exercises and other interesting resources.

Repository containting original and decompiled files of TRISIS/TRITON/HATMAN malware

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

A merged collection of hosts from reputable sources. #StayEnergized!

Cross Platform ELF analysis

Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provided are code samples, signature recommendations and countermeasures within each category for the described techniques.

Malice Windows Defender AntiVirus Plugin

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

Simple obfuscation tool

A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.

A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research

Free Malware Training Datasets for Machine Learning

🐐 GoAT (Golang Advanced Trojan) is a trojan that uses Twitter as a C&C server

Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.

ipsets dynamically updated with firehol's update-ipsets.sh script

This is a collection of #botnet source codes, unorganized. For EDUCATIONAL PURPOSES ONLY

Wolves Among the Sheep

Run a Exe File (PE Module) in memory (like an Application Loader)

Automated Use Case Testing

Windows Remote Administration Tool via Telegram. Written in Python

Runtime memory analysis framework to identify Android malware

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Keep track of the labs from the book "Practical Malware Analysis"

My implementation of enSilo's Process Doppelganging (PE injection technique)

🧠 🦠 An artificial neural network and API to detect Windows malware, based on Ergo and LIEF.

Basic Multiplatform Remote Administration Tool - Xamarin

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

Qiling Advanced Binary Emulation Framework

A ransomware developed in python, with bypass technics, for educational purposes.

A collection of hacking / penetration testing resources to make you better!