Information Security Toolkit

Page: Under construction
Here is a collection of my favorite InfoSec tools. The following tools are often used for penetration testing and digital forensics. As such, they may be categorised as hack tools, unwanted programs, or even malware by certain security programs. Please note that these tools do not perform any function other than what is detailed in their descriptions and do not contain malware.

Anti-Malware Tools

Process Explorer v16.05

A compact and powerful tool for real-time monitoring of processes running in the system. It gives a lot of detailed information about all running processes, including the owner, the memory use of the involved libraries, etc.

SunPEView v0.7.1

SunPEView is a small PE file viewer for investigating PE32 and PE64 files. It also supports a hex editor view, a file location calculator and a hex-dec-bin converter. It shows detailed information for each PE field, including file offset and field size as well as a description. Encoding of flags / enumeration members …

PE Tools v1.5.800.2006 RC7

PE Tools is a powerful program for working with PE files, including PE+ (64-bit). It includes a PE file editor, task viewer, Win32 PE file optimizer, compiler/packer detector and much more for research, editing and optimization of executable files and libraries.

Process Hacker v2.36 (r6153)

Process Hacker is a utility for monitoring system processes and services running on the computer. It is not cross-platform and works only on 32-bit and 64-bit Microsoft Windows operating systems.

PEStudio v8.53

PeStudio is a utility that lets you examine the technical details of any program without running it, and scan the file for viruses and other malicious software using the online service VirusTotal. All this information can be saved as an XML report.

EXE Explorer v1.4.9.0

EXE Explorer is based on the MiTeC Portable Executable Reader. It reads and displays executable file properties and structure. It is compatible with PE32, PE32+ (64-bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

FileAlyzer v2.0.5.57

A powerful tool for detailed analysis of various files. The program lets you get a lot of information about a file (creation date, size, attributes, version, and much more).

PE-bear v0.3.7

PE-bear is a reversing tool for PE executable files, designed for malware analysts. It includes a quick disassembler and packer detection using a signature database.

Cerbero PE Insider v1.0.2

PE Insider is a free Portable Executable viewer for the community. It shares the same codebase for inspection as Cerbero Profiler and hence it supports the entire PE specification and is incredibly fast and stable.

GetSusp

McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) File Reputation database to gather suspicious files.

GetSusp is recommended as a first tool of choice when analyzing a suspect computer. However, one must follow the existing McAfee support process for escalating suspicious files it finds.

Download GetSusp

The build below is for McAfee ePO administrators.

Download GetSusp-ePO

Ransomware Interceptor (Pilot)

Ransomware malware has evolved to be a tremendous threat over the last few years. Such malware will install on your system, encrypt or damage data on your system in a way that in many cases is irrecoverable unless you have a decryption key. Consumers may have to pay the malware authors hefty amounts of money (varies from a few 100 to a 1000 USD) to obtain the recovery key. Failure to do so typically results in permanent loss of data.

Interceptor is an Anti-Ransomware tool. Interceptor is an early detection tool that prevents file encryption attempts by ransomware malware. This tool leverages heuristics and machine learning to identify such malware.

Download Interceptor
For questions, comments, and inquiries regarding this software please visit our community page.

Real Protect (BETA)

Real Protect is a real-time behavior detection technology that monitors suspicious activity on an endpoint. Real Protect leverages machine learning and automated, behavioral-based classification in the cloud to detect zero-day malware in real time.

Real Protect is available as a free tool and is also bundled with Stinger. McAfee plans to incorporate Real Protect into future anti-malware products.

Download RealProtect