Since the year is ending (a productive year despite of the pandemic) here are the 12 tools I learned in the year of 2021.
This is a very short blog post.
1. Oledump - oledump.py is a program to analyze OLE files. These files contain streams of data. oledump allows you to analyze these streams. Many applications use this file format, the best known is MS Office. .doc, .xls, .ppt, … are OLE files (docx, xlsx, … is the new file format: XML inside ZIP)
(https://blog.didierstevens.com/programs/oledump-py/)
2. Process Hacker - A free, powerful, multi-purpose Windows tool that helps you monitor system resources, debug software and detect malware.
Overview - Process Hacker (sourceforge.io)
3. Uncoder.IO | Universal Sigma Rule Converter for SIEM, EDR, and NTDR](https://uncoder.io/) - Uncoder.IO is the online Sigma translation engine for SIEM saved searches, filters, queries, API requests, which helps SOC Analysts, Threat Hunters, and Detection Engineers to translate detections on the fly. It allows Blue Teams to break the limits of being dependent on a single tool for hunting and detecting threats and avoid technology lock-in. With an intuitive look and feel and streamlined flow, you can translate queries from one tool to another on the fly in a single place without the need to switch to the SIEM environment.
4. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
(https://debugger.immunityinc.com/ID_register.py)
5. INetSim is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.
6. FLAREVM - is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers.
(https://www.fireeye.com/services/freeware/flare-vm.html)
7. REMNUX - REMnux® is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools
8. SCDBG - is a shellcode analysis application built around the [libemu emulation](http://libemu.carnivore.it/) library. When run it will display to the user all of the Windows API the shellcode attempts to call.
(http://sandsprite.com/blogs/index.php?uid=7&pid=152)
9. MalAPI.io - maps [Windows APIs](https://docs.microsoft.com/en-us/windows/win32/apiindex/windows-api-list) to common techniques used by malware
10. Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
(https://github.com/hashcat/hashcat#license)
11. Brutescrape | A web scraper for generating password files based on plain text found in specific web pages.
(https://github.com/cheetz/brutescrape)
12. Empathy - Already learned this years ago, but just in case you need it.
Empathy is the ability to emotionally understand what other people feel, see things from their point of view, and imagine yourself in their place. Essentially, it is putting yourself in someone else's position and feeling what they must be feeling.
What Is Empathy? (verywellmind.com)
Happy New Year everyone! Cheers to this year and hopefully another productive year this 2022!
I am going to make a blog post for each tool and what they do. Watch this space next year ;)
