jstrosch

Josh Stroschein's repositories

malware-samples

Malware samples, analysis exercises and other interesting resources.

Language:HTML1396 850

This repository contains sample programs that mimick behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.

Language:C534 16 1

learning-reverse-engineering

This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.

Language:C438 20 1

sclauncher

A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.

Language:CMIT78 1 3

subparse

Modular malware analysis artifact collection and correlation framework

Language:PythonMIT49 40

subcrawl

SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as Elastic.

Language:PythonMIT36 10

XOR-Decode-Strings-IDA-Plugin

This IDA Python plugin is intended to get you started creating IDA Plugins with Python, recognize the importance of deobfuscating strings and work on translating assembly to a higher-level language (i.e. Python).

Language:Python27 3 1

graph-maldoc-similar-images

A script that extracts embedded images from Office Open XML (OOXML) documents and generates image hash similarity graphs that cluster visually similar images together. The script computes the Average Hash of each extracted image, then graphs the images if they meet the similarity threshold. The script can be used as a technique for visually identifying malware campaigns involving documents. To use the script, supply a directory containing OOXML files. If LibreOffice is in your PATH you can optionally convert non-OOXML Word, Excel, PowerPoint and Rich Text File documents to OOXML. The script outputs DOT files that can be exported as images using Graphviz. If Graphviz is in your PATH you can also export to an SVG (preferred) or PNG image.

Language:Python20 30

search-abuse.ch

Python3 script that can download samples directly from Abuse.CH or via submitted URLs

Language:Python15 30

FLARE-VM-configs

These FLARE-VM configuration files are designed to be help setup a purpose-built installation, remove unnecessary packages to help streamline the installation.

Apache-2.08 10

hybrid-analysis-api

This is a small Python3 script that allows you to search and download samples from Hybrid Analysis' v2 API

Language:Python8 20

shodan-scan-wrapper

Python3 script that wraps Shodan CLI - it resolves a domain to an IP and then performs a scan

Language:Python8 2 1

Username_Generator

A Burp Extension that parses emails from HTTP content and can optionally generate usernames.

Language:PythonMIT8 20

malware-signatures

A collection of various signatures that I have either found or created, useful for malware analysis.

Language:YARA5 20

Academic

This is a repository for a variety of academic projects

Language:C4 4 1

Rapid-Tool-Development

This repository contains programs for CSC 842.

Language:Python4 30

CSC-840

Language:C++3 30

ps-suricata-lab

3 30

emotet-droppers-fall2019

Python3 script that deobfuscates and then decodes base64 string that contains PowerShell script and extracts the URLs used to download Emotet binaries

Language:Python2 20

learning-software-exploitation

This repository contains sample code, projects and lab walk-throughs to help learn software exploitation.

2 20

derbycon-binary_ninja

Repo contains code for our DerbyCon 2016 talk comparing Binary Ninja and IDA Pro.

Language:Python020

jstrosch

My personal repository

010

openHAB---Binding-Template

Language:Java020

suricata

Suricata git repository maintained by the OISF

Language:CGPL-2.0010