Softavir - Antivirus for Windows based on Whitelists

SoftAvir is a security tool that ensures complete protection for your computer by creating a whitelist. The user select the only programs that can be run avoiding in this way the execution of any other unwanted program.

How does it work?

Softavir is the first antimalware solution that relies operation in advanced cryptographic whitelisting technology.

After installed, the user must add the programs that can be run. Softavir will not allow the execution of any program that has not been added to the list (including viruses, tojans and other malware).

Who is it for?

Softavir is recommended to Microsoft Windows users. The current version is compatible with Microsoft Windows x86 operating systems. Soon will come out a version for Microsoft Windows x64 operating systems.

Main advantages:

• 100% protection against new threats.
• Does not require updates.
• Improved software management.
• Easy maintenance of your equipment.
• Avoids the need of regular formatting.

Download Softavir

Read More

Detekt - scans your Windows computer for traces of known surveillance spyware

Detekt is a free tool that scans your Windows computer for traces of FinFisher and Hacking Team RCS, commercial surveillance spyware that has been identified to be also used to target and monitor human rights defenders and journalists around the world.

In recent years we have witnessed a huge growth in the adoption and trade in communication surveillance technologies. Such spyware provides the ability to read personal emails, listen-in skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it.

Some of this software is widely available on the Internet, while some more sophisticated alternatives are made and sold by private companies based in industrialized countries to state law enforcement and intelligence agencies in countries across the world.

There is little to no regulation currently in place to safeguard against these technologies being sold or used by repressive governments or others who are likely to use them for serious human rights violations and abuses.

Download Detekt

Read More

Viper - A binary management and analysis framework dedicated to malware and exploit researchers

Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you created or found over the time to facilitate your daily research. Think of it as a Metasploit for malware researchers: it provides a terminal interface that you can use to store, search and analyze arbitraty files with and a framework to easily create plugins of any sort.

Download Viper

Read More

Cuckoo Sandbox v1.1 - Automated Malware Analysis

Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Cuckoo generates a handful of different raw data which include:

• Native functions and Windows API calls traces
• Copies of files created and deleted from the filesystem
• Dump of the memory of the selected process
• Full memory dump of the analysis machine
• Screenshots of the desktop during the execution of the malware analysis
• Network dump generated by the machine used for the analysis

In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:

• JSON report
• HTML report
• MAEC report
• MongoDB interface
• HPFeeds interface

Even more interestingly, thanks to Cuckoo’s extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing frameworks and storages with the data you want, in the way you want, with the format you want.

Changelog v1.1

• Added imphash to static PE analysis
• Added search for URLs in the web interface
• Added search for PE Imphash in the web interface
• Added possibility in web interface to queue to all machines
• Added filtering by behavior category in Django web interface
• Added analyzer log to Django web interface
• Added REST API to retrieve screenshots associated with a task
• Added REST API to retrieve the PCAP associated with a task
• Added database migration utility
• Added remote submission to submit.py utility
• Added small stats utility (utils/stats.py)
• Added analysis package for PowerShell scripts
• Added overlay configuration for signatures (data/signatures_overlay.json)
• Fixed bug in MAEC report
• Fixed package selection for Office documents and CPL scripts
• Fixed issue with tcpdump filters
• Fixed unhandled exception when uploading files to the analysis machines
• Fixed issues in CuckooMon that resulted in Internet Explorer crashes
• Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
• Fixed bug in behavior processing module that resulted in a trailing backslash in summary’s registry keys

Download  Cuckoo Sandbox v1.1

Read More

[JRT] Junkware Removal Tool

Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer.  A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue.  This tool will help you remove these types of programs.

Junkware Removal Tool has the ability to remove the following types of programs:

• Ask Toolbar
• Babylon
• Blekko
• Claro / iSearch
• Conduit
• Crossrider
• DealPly
• Delta
• Facemoods / Funmoods
• Findgala
• Globasearch
• Hao123
• iLivid
• Iminent
• IncrediBar
• MocaFlix
• MyPC Backup
• MyWebSearch
• PerformerSoft
• Privitize
• Qvo6
• Searchqu
• Snap Do
• Swag Bucks
• Wajam
• Web Assistant
• WhiteSmoke
• Zugo

and many more…

Download JRT

Read More

[Killtrojan Syslog] Tool to detect malware activity on a system

Killtrojan Syslog is a free application to create a report about characteristics of the system to further analyze and look for signs of malware, also is intended to put the report in a specialized forum for users to help.

The tool has a very intuitive and easy to use for non-technical users to create their reports. Also useful for more advanced users who want to analyze a computer.

With the support logs with BBCode mode, you can paste the log generated in any forum (SMF, PHPBB, Invision ...) which will be detailed with clear colors for your reading.

Download Killtrojan Syslog

Read More