CERT Polska

drakvuf-sandbox

DRAKVUF Sandbox - automated hypervisor-level malware analysis system

Artemis

A modular vulnerability scanner with automatic report generation capabilities.

mquery

YARA malware query accelerator (web frontend)

karton

Distributed malware processing framework based on Python, Redis and S3.

mwdb-core

Malware repository component for samples & static configuration with REST API interface.

malduck

:duck: Malduck is your ducky companion in malware analysis journeys

hfinger

Hfinger - fingerprinting HTTP requests

ursadb

Trigram database written in C++, suited for malware indexing

n6

Automated handling of data feeds for security teams

phobos-cuda-decryptor-poc

mwdblib

Client library for the mwdb service by CERT Polska.

Artemis-modules-extra

training-mwdb

MWDB exercises

karton-misp-pusher

karton-playground

drakvuf

DRAKVUF Black-box Binary Analysis

drakpdb

Convert Windows PDB into JSON profile supported by DRAKVUF/LibVMI

mwdb_iocextract

karton-config-extractor

Static configuration extractor for the Karton framework

karton-autoit-ripper

AutoIt script ripper for Karton framework

karton-classifier

File type classifier for the Karton framework.

karton-dashboard

A small Flask application that allows for Karton task and queue introspection.

mwdb-plugin-drakvuf

DRAKVUF Sandbox simple integration plugin for mwdb-core.

karton-archive-extractor

Extractor of various archive formats for Karton framework

karton-yaramatcher

File and analysis artifacts yara matcher for Karton framework

karton-asciimagic

Various decoders for ascii-encoded executables for Karton framework

karton-mwdb-reporter

Karton service that uploads analyzed artifacts and metadata to MWDB Core

python-deploy

Build, push and deploy k8s services with single deploy.json file to provide common convention for multiple production services.

lint-python-action

sflock

Sample staging & detonation utility to be used in combination with Cuckoo Sandbox.