WithSecure Labs

44 repositories owned by WithSecure Labs

chainsaw (2.6k stars, 230 forks)
Rapidly Search and Hunt through Windows Forensic Artefacts

awspx (881 stars, 100 forks)
A graph-based tool for visualizing effective access and resource relationships in AWS environments.

snake (217 stars, 41 forks)
snake - a malware storage zoo

ppid-spoofing (134 stars, 20 forks)
Scripts for performing and detecting parent PID spoofing

python-exe-unpacker (873 stars, 334 forks)
A helper script for unpacking and decompiling EXEs compiled from Python code.

doublepulsar-c2-traffic-decryptor (225 stars, 138 forks)
A python2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.

CallStackSpoofer (394 stars, 61 forks)
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).

doublepulsar-detection-script (1.0k stars, 318 forks)
A python2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.

doublepulsar-usermode-injector (112 stars, 42 forks)
A utility that uses the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.

needle (1.3k stars, 280 forks)
The iOS Security Testing Framework