Snort
Open Source intrusion prevention system capable of real-time traffic analysis and packet logging.
ClamAV
Open Source anti-virus engine for detecting trojans, viruses, malware and other malicious threats.
PE-Sig
Security tool for analysts that identifies PE section hashes for executable files, allowing simple creation of ClamAV section-based signatures.
Synful Knock Scanner
A network scanner and utility for detecting signs of the SYNFul Knock router malware.
MBR Filter
Disk filter that blocks write access to the Master Boot Record.
FIRST
The Function Identification and Recovery Signature Tool (FIRST) is an IDA Pro plugin that allows reverse engineers to complete static analysis more quickly.
Cisco Smart Install Scanner
A network scanner and utility for detecting Cisco Smart Install client protocol.
BASS - Automated Signature Synthesizer
Framework that automatically generates pattern-based anti-virus signatures from previously generated malware sample clusters.
Decept
Versatile multi-protocol and portable network proxy. Use with the Mutiny Fuzzing Framework for quick and easy network fuzzing.
Mutiny Fuzzer
The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer. The goal is to begin network fuzzing as quickly as possible.
Dynamic Data Resolver
Dynamic Data Resolver (DDR) is an IDA plugin that resolves dynamic data such as registers and memory pointers by leveraging the DynamoRIO instrumentation framework.
PyLocky Decryptor
Open-source tool for decrypting files encrypted by the PyLocky ransomware and restoring them to their original content.
Mussels
Open-source cross-platform and general-purpose dependency build automation tool.
Daemonlogger
Simple, fast network packet logger and soft tap designed specifically for use in NSM environments.
Moflow
Software security framework containing automated tools for the discovery and triage of vulnerabilities in software.
TeslaCrypt Decryption Tool
Open-source command-line utility for decrypting TeslaCrypt ransomware and returning user files to their original content.
Thanatos Decryptor
Open-source utility for decrypting files encrypted by the Thanatos ransomware.
LockyDump
Open-source Locky configuration extractor that dumps the configuration parameters in all currently known variants of Locky, including .locky, .zepto and .odin.
FreeSentry
LLVM plugin that makes exploitation of use-after-free vulnerabilities more difficult.
Flokibot Tools
Open-source collection of scripts that help automate portions of the analysis of Flokibot malware.
ROPMEMU
Framework to analyze, dissect and decompile complex code-reuse attacks.
PyREBox
Python scriptable Reverse Engineering Sandbox, a Virtual Machine instrumentation and inspection framework based on QEMU.
File2pcap
File2pcap creates pcaps from any input file, showing the file in transit via HTTP/SMTP/IMAP/POP3/FTP or HTTP2 over IPv4 or IPv6.
Re2Pcap
Re2Pcap creates a pcap file from a raw HTTP request or response in seconds.
GhIDA
GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in the IDA workflow.
IDA Pro TileGX Plugin
This plugin adds support to IDA Pro for disassembling Tilera's TileGX architecture.