WithSecure Labs
Welcome to WithSecure Labs. Here we publish research and share our tools with the security community.
Pinned Repositories
awspx
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).
chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
doublepulsar-detection-script
A python2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
drozer
The Leading Security Assessment Framework for Android.
leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
needle
The iOS Security Testing Framework
physmem2profit
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely.
python-exe-unpacker
A helper script for unpacking and decompiling EXEs compiled from python code.
WithSecure Labs's Repositories
WithSecureLabs/doublepulsar-c2-traffic-decryptor
A python2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.
WithSecureLabs/drozer-modules
WithSecureLabs/doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
WithSecureLabs/ModuleStomping
https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
WithSecureLabs/dotnet-gargoyle
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
WithSecureLabs/radare2-scripts
A collection of useful radare2 scripts!
WithSecureLabs/weasel
WithSecureLabs/volatility-plugins
WithSecureLabs/jar-agent
WithSecureLabs/mercury-common
This repository contains Mercury components that are shared between the Agent and the Server/Console.
WithSecureLabs/memory-carving-scripts
Scripts for extracting useful information from infected memory dumps
WithSecureLabs/shadowhammer
Tools related to 'shadowhammer' attack, https://securelist.com/operation-shadowhammer/89992
WithSecureLabs/ReflectiveDLLInjection
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
WithSecureLabs/rogue-agent
WithSecureLabs/snake-charmer
snake-charmer: the regression test suite for snake.