YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which […]
Secure Coding
Secure coding is very important in software development to ensure code security is high using techniques such as static analysis, code auditing and dynamic analysis to ensure safe coding practices are followed.
What Tools can be used for Secure Coding?
There are a variety of tools to ensure code safety, mostly based on source code auditing and static analysis.
The options available really depend on the language being used with some tools focusing on many languages such as Yasca – Multi-Language Static Analysis Toolset or specialist tools focusing on a single language like Brakeman – Static Analysis Rails Security Scanner.
american fuzzy lop – Security Oriented Fuzzing Tool
American fuzzy lop is a security-oriented fuzzing tool that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also […]
Twittor – Backdoor Using Twitter For Command & Control
Twittor is a stealthy Python based backdoor using Twitter (Direct Messages) as a command and control server. This project has been inspired by Gcat which does the same but using a Gmail account. Setup For this to work you need: A Twitter account (Use a dedicated account! Do not use your personal one!) Register an […]
peinjector – MITM PE File Injector
The peinjector is a MITM PE file injector, the tool provides different ways to infect Windows platform executable files (PE COFF) with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant, lightweight, modular and can be operated on embedded hardware. Features Full […]
Gcat – Python Backdoor Using Gmail For Command & Control
Gcat is a stealthy Python backdoor that uses Gmail as a command and control server. It’s fairly basic right now, but it’s an interesting proof of concept and if the community got behind it and contributed some new features it could be a pretty powerful piece of kit. Feature wise it doesn’t have that much, […]