
DFIR: the domain covering the digital forensics and incident response scope.
Joe Sandbox
Gain the ability to sandbox malware in a controlled environment, with built-in deep analysis insights.
Non-Affiliate link: https://www.joesandbox.com/
Any Run
"Analyse a network, file, module, and the registry activity. Interact with the OS directly from a browser. See the feedback from your actions immediately." 1
Non-Affiliate link: https://app.any.run/
REMnux
"REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools." 1
Non-Affiliate link: https://remnux.org/
Windows Sandbox
"Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine." 1
Non-Affiliate link: Windows Sandbox
Hybrid Analysis
"This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology." 1
Non-Affiliate link: https://www.hybrid-analysis.com/
Cuckoo
"Cuckoo Sandbox is the leading open source automated malware analysis system. You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment." 1
Non-Affiliate link: https://cuckoosandbox.org/
VMRay
"VMRay Platform involves a ground-breaking sandbox, and 30+ best-of-breed technologies that bring additional capabilities to detect the threats that others miss." 1
Non-Affiliate link: https://www.vmray.com/
browserling
"Get a browser and start testing in 5 seconds!" 1
Non-Affiliate link: https://www.browserling.com/
Amnpardaz Sandbox (Jevereg)
"Jevereg analyses the behavior of potential malicious executables. It's built on top of Amnpardaz Sandbox." 1
Non-Affiliate link: https://jevereg.amnpardaz.com/
IOBit Cloud
"IObit Cloud is an advanced automated threat analysis system. We use the latest Cloud Computing technology and Heuristic Analyzing mechanic to analyze the behavior of spyware, adware, trojans, keyloggers, bots, worms, hijackers and other security-related risks in a fully automated mode." 1
Non-Affiliate link: https://cloud.iobit.com/index.php
Recorded Future: Triage
"Analyze malware samples free. A state-of-the-art malware analysis sandbox, with all the features you need.
High-volume sample submission in a customizable environment with detections and configuration extraction for many malware families. View public reports and classify your malware today!" 1
Non-Affiliate link: https://tria.ge/
InQuest Labs
"A core facet to the InQuest solution is our Deep File Inspection (DFI) engine. Capable of recursively decompressing, decoding, deobfuscating, decompiling, deciphering, and more. We aim to automate and scale the reverse engineering skill-set of a typical SOC analyst." 1
Non-Affiliate link: https://labs.inquest.net/dfi
VirusTotal
"Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community." 1
Non-Affiliate link: https://www.virustotal.com/
MalwareBazaar
"...the malware sample database of MalwareBazaar" 1
Non-Affiliate link: https://bazaar.abuse.ch/browse/
MalShare
"The MalShare Project is a collaborative effort to create a community driven public malware repository that works to build additional tools to benefit the security community at large." 1
Non-Affiliate link: https://malshare.com/
Talos
"Talos utilizes its extensive threat intelligence to make the internet safer for everyone. A variety of free software, services, resources and data are available to the public, including official rule sets and communities. Additionally, Talos promotes an informed security community, posting information on new threats and research on the Talos Blog, ThreatSource newsletter, social media, and on the Beers with Talos podcast, with new episodes posted biweekly." 1
Non-Affiliate link: https://talosintelligence.com/
AbuseIPDB
"AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
Our mission is to help make Web safer by providing a central blacklist for webmasters, system administrators, and other interested parties to report and find IP addresses that have been associated with malicious activity online." 1
Non-Affiliate link: https://www.abuseipdb.com/
Valkyrie Comodo
"Valkyrie is a file verdict system. Different from traditional signature based malware detection techniques Valkyrie conducts several analysis using run-time behavior and hundreds of features from a file and based on analysis results can warn users against malware undetected by classic Anti-Virus products." 1
Non-Affiliate link: https://valkyrie.comodo.com/
OPSWAT
"Trust No File.
Trust No Device.
Simply submit suspicious files to MetaDefender Cloud for analysis. A comprehensive report is created to inform you about the contents of the file." 1
Non-Affiliate link: https://metadefender.opswat.com/
SearchSploit
"Included in our Exploit Database repository on GitLab is searchsploit, a command line search tool for Exploit-DB that also allows you to take a copy of Exploit Database with you, everywhere you go. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access." 1
Non-Affiliate link: https://www.exploit-db.com/searchsploit
URLDecoder
Non-Affiliate link: https://www.urldecoder.io/
CyberChef
Non-Affiliate link: https://gchq.github.io/CyberChef/
Radare2
"r2 is a complete rewrite of radare. It provides a set of libraries, tools and plugins to ease reverse engineering tasks. Distributed mostly under LGPLv3, each plugin can have different licenses (see r2 -L, rasm2 -L, ...).
The radare project started as a simple command-line hexadecimal editor focused on forensics. Today, r2 is a featureful low-level command-line tool with support for scripting with the embedded Javascript interpreter or via r2pipe.
r2 can edit files on local hard drives, view kernel memory, and debug programs locally or via a remote gdb server. r2's wide architecture support allows you to analyze, emulate, debug, modify, and disassemble any binary." 1
Non-Affiliate link: https://github.com/radareorg/radare2
WinDbg
"WinDbg is a debugger that can be used to analyze crash dumps, debug live user-mode and kernel-mode code, and examine CPU registers and memory." 1
Non-Affiliate link: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/
X64dbg
"An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis." 1
Non-Affiliate link: https://github.com/x64dbg/x64dbg
OllyDbg
"OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable." 1
Non-Affiliate link: http://www.ollydbg.de/
Flare-VM
"Welcome to FLARE-VM - a collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a virtual machine (VM)." 1
Non-Affiliate link: https://github.com/mandiant/flare-vm
Ghidra
"A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission." 1
Non-Affiliate link: https://ghidra-sre.org/
Regshot
"Regshot is a small, free and open-source registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product." 1
Non-Affiliate link: https://github.com/Seabreg/Regshot
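The snapshot-and-compare workflow Regshot describes, reduced to its core, as an added example that is not Regshot's own code: two registry snapshots are diffed and any added or modified value under a common autostart location is flagged. Both snapshots are constructed dicts (value path to data), not real exports, and the list of persistence locations is an illustrative assumption, not a complete catalogue.

```python
"""Diff two registry snapshots the way Regshot does, and flag persistence changes.

Added example, not Regshot's own code. BEFORE and AFTER are constructed
snapshots (value path -> data); PERSISTENCE_PREFIXES is an assumed,
non-exhaustive list of autostart locations used only for illustration.
"""

# Constructed "before" snapshot, taken on the clean analysis VM.
BEFORE = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth":
        r"C:\Windows\System32\SecurityHealthSystray.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden": "1",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start": "2",
}

# Constructed "after" snapshot, taken after detonating a suspicious sample.
AFTER = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth":
        r"C:\Windows\System32\SecurityHealthSystray.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden": "2",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start": "2",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater":
        r"C:\Users\analyst\AppData\Roaming\svchost.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup":
        r"cmd.exe /c del C:\Users\analyst\Downloads\sample.exe",
}

# Assumed autostart locations (upper-cased, with surrounding backslashes so
# "\RUN\" does not also match "\RUNONCE\"). Illustrative, not exhaustive.
PERSISTENCE_PREFIXES = (
    "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\\",
    "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE\\",
    "\\SYSTEM\\CURRENTCONTROLSET\\SERVICES\\",
)


def diff_snapshots(before, after):
    """Return (added, removed, modified) between two snapshots.

    added/removed map value path -> data; modified maps value path -> (old, new).
    """
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    modified = {k: (before[k], after[k])
                for k in before.keys() & after.keys() if before[k] != after[k]}
    return added, removed, modified


def is_persistence_path(value_path):
    """True if the value lives under one of the assumed autostart locations."""
    upper = value_path.upper()
    return any(prefix in upper for prefix in PERSISTENCE_PREFIXES)


def flag_persistence(added, modified):
    """List (value path, new data) for every added or changed autostart value."""
    hits = [(p, data) for p, data in added.items() if is_persistence_path(p)]
    hits += [(p, new) for p, (_old, new) in modified.items() if is_persistence_path(p)]
    return sorted(hits)


if __name__ == "__main__":
    added, removed, modified = diff_snapshots(BEFORE, AFTER)
    print(f"added={len(added)} removed={len(removed)} modified={len(modified)}")
    for path, data in flag_persistence(added, modified):
        print(f"PERSISTENCE: {path} = {data}")
```

The diff itself is just set arithmetic on the snapshot keys; the value of the exercise is the second pass, which separates the noise a reboot or Explorer produces (the changed `Hidden` value) from the two autostart entries the sample wrote.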
Process Hacker
"A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware." 1
Non-Affiliate link: https://processhacker.sourceforge.io/
Procmon
"Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit." 1
Non-Affiliate link: https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
Wireshark
"The world's most popular network protocol analyzer." 1
Non-Affiliate link: https://www.wireshark.org/
FakeNet-NG
"The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services. Using FakeNet-NG, malware analysts can quickly identify malware's functionality and capture network signatures." 1
Non-Affiliate link: https://github.com/mandiant/flare-fakenet-ng
MACVendors
"We launched a product that used a third party MAC address lookup API and the service just wasn't cutting it for us. Instead, we set out to make it right; not only for ourselves, but for all other developers out there." 1
Non-Affiliate link: https://macvendors.com/
mac-address.alldatafeeds
"By a given MAC address/OUI/IAB, retrieve OUI vendor information, detect virtual machines, manufacturer, locations, read the information encoded in the MAC, and get our research's results regarding any MAC address, OUI, IAB, IEEE." 1
Non-Affiliate link: https://mac-address.alldatafeeds.com/mac-address-lookup
aallan/mac-vendor.txt
"List of MAC addresses with vendors identities" 1
Non-Affiliate link: https://gist.github.com/aallan/b4bb86db86079509e6159810ae9bd3e4
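What the three MAC lookup resources above do, as an added example (not the code of macvendors.com, alldatafeeds or the aallan gist): normalise a MAC written in any common notation, resolve its OUI against a vendor table, read the I/G and U/L bits encoded in the first octet, and flag OUIs that belong to virtualisation platforms. The OUI table below is a constructed five-line excerpt in an assumed tab-separated "prefix, vendor" layout; a real deployment loads the full list from the downloaded file. The VM OUI mapping is a small set of well-known values and is labelled as an assumption in the code.

```python
"""Resolve a MAC address to its OUI vendor and flag VM / locally administered addresses.

Added example, not the code of macvendors.com, alldatafeeds or the aallan gist.
OUI_TABLE is a constructed excerpt; the "6 hex chars <TAB> vendor" layout is
assumed, and VM_OUIS is an assumed, non-exhaustive mapping.
"""
import re

# Constructed excerpt (assumed layout: OUI hex, tab, vendor name).
OUI_TABLE = """\
000c29\tVMware, Inc.
005056\tVMware, Inc.
080027\tPCS Systemtechnik GmbH
00155d\tMicrosoft Corporation
3c22fb\tApple, Inc.
"""

# Assumed OUI -> virtualisation platform mapping (well-known values, not exhaustive).
VM_OUIS = {
    "000c29": "VMware",
    "005056": "VMware",
    "080027": "VirtualBox",
    "00155d": "Hyper-V",
}

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def load_oui_table(text):
    """Parse 'prefix<TAB>vendor' lines into a dict keyed by lowercase OUI."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, _, vendor = line.partition("\t")
        table[prefix.lower()] = vendor.strip()
    return table


def normalize_mac(mac):
    """Accept 00:0c:29:.., 00-0C-29-.., 000c.2911.2233 or bare hex; return 12 lowercase hex chars."""
    hexonly = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _HEX12.match(hexonly):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return hexonly


def lookup(mac, table):
    """Return vendor, OUI, the I/G and U/L flag bits, and any VM platform for a MAC."""
    h = normalize_mac(mac)
    first_octet = int(h[:2], 16)
    oui = h[:6]
    return {
        "mac": ":".join(h[i:i + 2] for i in range(0, 12, 2)),
        "oui": oui,
        "vendor": table.get(oui),                          # None when the OUI is not in the table
        "multicast": bool(first_octet & 0x01),             # I/G bit: group address
        "locally_administered": bool(first_octet & 0x02),  # U/L bit: not vendor-assigned
        "vm_platform": VM_OUIS.get(oui),                   # assumed mapping above
    }


if __name__ == "__main__":
    table = load_oui_table(OUI_TABLE)
    for sample in ("00-0C-29-AB-CD-EF", "52:54:00:12:34:56", "3c22.fb01.0203"):
        print(lookup(sample, table))
```

Two checks matter in practice beyond the vendor string. A set U/L bit means the address is not vendor-assigned at all (randomised privacy addresses, spoofed NICs, and QEMU/KVM's default `52:54:00` prefix all look like this), so a missing vendor is expected rather than suspicious. And a known VM OUI on a host that should be physical is worth a second look in the same way that a VM OUI on your own sandbox is exactly what evasive malware checks for before deciding whether to run.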
Windows Commands
"All supported versions of Windows and Windows Server have a set of Win32 console commands built in. This set of documentation describes the Windows Commands you can use to automate tasks by using scripts or scripting tools." 1
.NET Reflector
"Decompile, understand, and fix any .NET code, even if you don't have the source" 1
Non-Affiliate link: https://www.red-gate.com/products/reflector/
JustDecompile
"This is the engine of the popular .NET decompiler JustDecompile. C# is the only programming language used." 1
Non-Affiliate link: https://github.com/telerik/justdecompileengine
ILSpy
".NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!" 1
Non-Affiliate link: https://github.com/icsharpcode/ILSpy
dotPeek
"Free .NET Decompiler and Assembly Browser" 1
Non-Affiliate link: https://www.jetbrains.com/decompiler/