capa

A malware/botnet analysis framework with a focus on network analysis and process comparison.

Capa Detects Capabilities in Executable Files

Capa identifies capabilities in executable files by examining PE, ELF, .NET modules, shellcode files, or sandbox reports. This analysis helps to uncover potential behaviors, such as backdoors, service installations, or communication methods like HTTP. For further details, explore our capa blog posts: Dynamic capa: Exploring Executable Run-Time Behavior with the CAPE Sandbox, capa v4: casting a wider .NET (.NET support), ELFant in the Room – capa v3 (ELF support), capa 2.0: Better, Stronger, Faster, and capa: Automatically Identify Malware Capabilities. To use it, run the command: $ capa.exe suspicious.exe. ATT&CK Tactic and Technique mapping is also available.

Other AI Tools

Proxmark 3

Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.

Details

Preparing for Red Team at PRCCDC 2015

Emulates Docker HTTP API with event logging and AWS deployment script.

Details

Practical Guide to NTLM Relaying in 2017

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Details

Project Zero iPhone Messaging Tools

MiniCPS is a framework for Cyber-Physical Systems real-time simulation with support for physical process and control devices simulation, and network emulation.

Details

Projectdiscovery.io | Chaos

FOCA is a tool used to find metadata and hidden information in scanned documents, with capabilities to analyze various file types and extract EXIF information.

Details