Commit 7734930

committed
Bring in Flare and Floss as the ICS community might find these useful.
1 parent 917c12b commit 7734930

File tree

1 file changed

+2
-0
lines changed

tools/analysis/README.md

Lines changed: 2 additions & 0 deletions
@@ -15,6 +15,7 @@
1515
* [YARA](https://plusvic.github.io/yara/) - YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.
1616
* [Volatility](https://github.com/volatilityfoundation/volatility) - The Volatility Framework is a completely open collection of tools,implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
1717
* [OPC Data Access IDAPython script](https://github.com/eset/malware-research/tree/master/industroyer) - An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol. It can be used to analyse such malware families as Havex RAT and Win32/Industroyer.
18+
* [FLARE VM](https://github.com/fireeye/flare-vm) - FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
1819

1920
### Network
2021
* [GRASSMARLIN] (https://github.com/iadgov/GRASSMARLIN) - GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security. Passively map, and visually display, an ICS/SCADA network topology while safely conducting device discovery, accounting, and reporting on these critical cyber-physical systems.
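Review bot: the new FLARE VM entry (line 18+) does not say why it belongs in an ICS-focused list, even though the commit message motivates the addition with "the ICS community might find these useful"; the description as written is the generic upstream blurb ("for malware analysis, incident response, penetration testing, etc."), so consider adding a short clause on how it is meant to be used here, for example that it provides a ready-made Windows analysis environment into which the other tools in this section can be installed. Two drive-by fixes in the surrounding context lines would also be worth folding into this commit since the file is already being touched: the Volatility entry is missing a space in "tools,implemented", and the GRASSMARLIN entry has a space between `[GRASSMARLIN]` and `(https://github.com/iadgov/GRASSMARLIN)`, which prevents Markdown from rendering it as a link.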
@@ -25,6 +26,7 @@
2526
### Reverse Engineering
2627
* [Binwalk](https://github.com/ReFirmLabs/binwalk) - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
2728
* [ANGR](https://github.com/angr/angr) - A powerful and user-friendly binary analysis platform.
29+
* [Floss](https://github.com/fireeye/flare-floss) - FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static analysis techniques to automatically deobfuscate strings from malware binaries.
2830

2931
### Samples
3032
* [Trisis/Triton/Hatman](https://github.com/ICSrepo/TRISIS-TRITON-HATMAN) - Repository containting original and decompiled files of TRISIS/TRITON/HATMAN malware
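Review bot: the link text and the description of the new entry (line 29+) disagree on the tool's name, `[Floss]` versus "FLOSS" in the same sentence; the rest of this list uses the project's own capitalisation (YARA, FLARE VM), so `[FLOSS](https://github.com/fireeye/flare-floss)` would be consistent. It would also help readers to state in the entry that FLOSS is a command-line tool run against a binary (it is not a VM or distribution like the FLARE VM entry added in the same commit), and, given that both additions come from the same FireEye FLARE team, a cross-reference such as "also included in FLARE VM" would make the relationship between the two new entries clear.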