{"id":79,"date":"2020-02-27T21:10:45","date_gmt":"2020-02-27T21:10:45","guid":{"rendered":"https:\/\/reversea.me\/?page_id=79"},"modified":"2022-01-25T21:52:37","modified_gmt":"2022-01-25T21:52:37","slug":"tools","status":"publish","type":"page","link":"https:\/\/reversea.me\/index.php\/research\/tools\/","title":{"rendered":"Tools"},"content":{"rendered":"Reading Time: <\/span> < 1<\/span> minute<\/span><\/span>\n

All software tools are released under GNU\/GPL licenses. Closed-source versions for commercial purposes are available, please contact the authors: reverseame (at) unizar (dot) es.<\/strong><\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
chiton<\/strong><\/td>\nPython library to exfiltrate data encapsulating the data into IoT protocol’s packets.<\/i>
Source code<\/a> (GNU\/AGPL v3 license).<\/td>\n<\/tr>\n
IM Artifact Finder<\/strong><\/td>\nInstant Messaging Artifact Finder<\/i> (IM Artifact Finder) is a framework tool to find memory artifacts present in instant messaging (IM) applications.<\/i>
Source code<\/a> (GNU\/GPL v3 license).<\/td>\n<\/tr>\n
Windows Memory Extractor<\/strong><\/td>\nC++ tool to extract contents from the memory of Windows processes (it dumps the allocated memory).<\/i>
Source code<\/a> (GNU\/GPL v3 license).<\/td>\n<\/tr>\n
rop3<\/strong><\/td>\nPython tool to search for gadgets, operations, and ROP chains using a backtracking algorithm in a tree-like structure.<\/i>
Source code<\/a> (GNU\/GPL v3 license).<\/td>\n<\/tr>\n
dumd-mixer<\/strong><\/td>\nDump Module Mixer<\/i> (dumd-mixer) is a Python script to generate a module from the same module extracted from a collection of memory dumps.<\/i>
Source code<\/a> (GNU\/GPL v3 license).<\/td>\n<\/tr>\n
pagedmem<\/strong><\/td>\nVolatility plugin to obtain the number of the memory pages paged per module (exe or dll) and per driver from a Windows memory dump.<\/i>
Source code<\/a> (GNU\/GPL v3 license).<\/td>\n<\/tr>\n
sigcheck & sigvalidator<\/strong><\/td>\nsigcheck is a Volatility plugin to validate Authenticode-signed processes, either with embedded signature or catalog-signed.<\/i> sigvalidator is a Python module to verify signatures of PE files.<\/i>
Source code<\/a> (GNU\/GPL v3 license).
More information in the paper<\/a>.<\/td>\n<\/tr>\n
malscan<\/strong><\/td>\nVolatility plugin to detect malicious code thanks to ClamAV.<\/i>
Source code<\/a> (GNU\/AGPL v3 license).
More information in this post.<\/td>\n<\/tr>\n
winesap<\/strong><\/td>\nVolatility plugin to analyze the registry-based Windows ASEPs in a memory dump.<\/i>
Source code<\/a> (GNU\/AGPL v3 license).
More information in the paper<\/a>.<\/td>\n<\/tr>\n
processfuzzyhash<\/strong><\/td>\nVolatility plugin to calculate and compare Windows processes fuzzy hashes.<\/i>
Source code<\/a> (GNU\/AGPL v3 license).
More information in the paper<\/a>.<\/td>\n<\/tr>\n
pinVMShield<\/strong><\/td>\nPin-based tool to protect a sandbox application of common anti-virtual machine and anti-sandbox detection techniques.<\/i>
Source code<\/a> (GNU\/GPL v3 license).
More information in the paper<\/a>.<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Reading Time: <\/span> < 1<\/span> minute<\/span><\/span>All software tools are released under GNU\/GPL licenses. Closed-source versions for commercial purposes are available, please contact the authors: reverseame (at) unizar (dot) es. chiton Python library to exfiltrate data encapsulating the data into IoT protocol’s packets.Source code (GNU\/AGPL v3 license). IM Artifact Finder Instant Messaging Artifact Finder (IM Artifact Finder) is a framework tool […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":46,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-79","page","type-page","status-publish","hentry","no-featured-image"],"_links":{"self":[{"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/pages\/79","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/comments?post=79"}],"version-history":[{"count":19,"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/pages\/79\/revisions"}],"predecessor-version":[{"id":498,"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/pages\/79\/revisions\/498"}],"up":[{"embeddable":true,"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/pages\/46"}],"wp:attachment":[{"href":"https:\/\/reversea.me\/index.php\/wp-json\/wp\/v2\/media?parent=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}