Explore @fkie-cad Open Source projects

cwe_checker finds vulnerable patterns in binary executables

1,202

cwe_checker

The goal of this project is to help researchers to analyze traffic encapsulated in SSL or TLS.

1,088

friTap

JavaScript

257

dewolf

A research decompiler implemented as a Binary Ninja plugin.

A de-socketing library for fuzzing.

171

libdesock

125

nvd-json-data-feeds

Community reconstruction of the legacy JSON NVD Data Feeds. This project uses and redistributes data from the NVD API but is neither endorsed nor certified by the NVD.

Robust Automated Malware Unpacker

100

RoAMer

Standalone Utility for FACT-like extraction

fact_extractor

A distributed fuzzing management framework

LuckyCAT

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

iva

Fighting String Encryption in Android Malware

DeStroid

LibAFL components for stateful fuzzing

butterfly

Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.

yapscan

socbed

A Self-Contained Open-Source Cyberattack Experimentation Testbed

A FUSE module to mount captured network data

pcapFS

C++

Logprep

log data pre processing, generation and shipping in python

firmware evaluation reference corpus

embedded-evaluation-corpus

ipal_transcriber

Industrial protocol transcriber - a common representation of industrial communication as input for protocol-independent industrial intrusion detection systems.

Industrial Intrusion Detection - A framework for protocol-independent industrial intrusion detection on top of IPAL.

ipal_ids_framework

Dockerfile for building the FACT container

FACT_docker

A co-simulation framework for reasearching cybersecurity in power grids.

wattson

Industrial datasets - datasets for evaluating industrial intrusion detection systems on IPAL.

ipal_datasets

FACT analysis plug-in that maps software version to cves

FACT_analysis-plugin_CVE-lookup

Header information parser for PE, ELF, DEX, MachO, ZIP (JAR, DocX).

headerParser

blackbox-opcua-fuzzing

Codescanner

PNG file carving related material

png-carving

C++

mcritweb

JavaScript

FACT_firmadyne_analysis_plugin

Integrates Firmadyne into FACT

A documentation of the Bidcos (homematic) radio protocol with focus on practical security aspects

bidcos-security-doc

This repository provides fuzzing scripts to analyze an IEC 61850 implementation

61850-fuzzing

A framework to generate file carving test data.

woodblock

E²VA short for Exploitation Experience with Vulnerable App is a vulnerable app to learn userspace exploitation on Android

eeva

Java

common_analysis_oms

Offline Malware Scanner (OMS) scans files with multiple locally installed malware scanners.

A graph-based logic engine for bitwise operations.

dewolf-logic

FACT PDF Report Generator

fact_pdf_report

A lua plugin for Wireshark which contains dissectors for common maritime protocols.

maritime-dissector

Lua

common_analysis_ip_and_uri

Detects IPv4 and IPv6 adresses as well as URIs

Our artifacts to our Paper: "Algorithmic Heap Layout Manipulation in the Linux Kernel"

Algorithmic-Heap-Layout-Manipulation-in-the-Linux-Kernel

bpmac

talk

NtDeviceIoControlFile talker

windowsScripts

A collection of some useful windows (batch) scripts.

Batchfile

common_helper_extraction

Extraction support functions

Companion Repository to our the whitepaper "Towards Reliable and Scalable Linux Kernel CVE Attribution in Automated Static Firmware Analyses": https://arxiv.org/abs/2209.05217

cve-attribution-s2

File type helper functions and magic library

fact_helper_file

Efficient calculation of shannon byte entropy based on rust library.

entropython

Workshop: Forensic Analysis of eBPF based Linux Rootkits

bpf-rootkit-workshop

docker_qemu_user

Phusion-based docker image containing the binaries for Qemu User Emulation

epf-parameter-screening

PIdARCI Prototype Implementation

pidarci

Download this template if you want to write your own FACT analysis plug-in

FACT_analysis_plugin_template

This tool is intended to create a ground truth matching specific parameters for scientific research on firmware.

FACT_Search_and_Download

common_helper_files

Yara command line wrapper

common_helper_yara

base docker image for ghidra headless scripting

docker_ghidra_headless_base

Dockerfile

bamboo-chuck-norris-plugin

ELFbin

ssdeeper

Supplemental material for our paper: ssdeeper - Evaluating and Improving ssdeep.

generate nice structured output

common_helper_filter

Docker image with current BAP (opam testing) and other dependencies for fast testing of cwe_checker on travis

cwe_checker_travis_docker_image

Dockerfile

mana

Base class for FACT remote analysis systems

FACT_remote_plugin_runner

epf-case-study

fact_radare_viewer

Start radare webUI via REST in container and deliver url to view

SOCBED evaluation code and dataset as presented at ACSAC 2021

socbed-eval-acsac-2021

Try to guess if unpacking a container was successfull.

ei2f

C++

common_helper_unpacking_classifier

Dockerfile for Radare2 web gui

docker-radare-web-gui

fail-safe process helpers

common_helper_process

A new approach for compiler idioms handling that automatically generates patterns to annotate them.

dewolf-idioms

conpot-plus

Helper functions for handling password lists and files.

frida-emulator-bypass

common_helper_passwords

Web Content Integrity: Tamper-proof websites beyond HTTPS

Web-Content-Integrity

HTML

spmac

A minimal terminal hex viewer supporting reading, writing and searching in files and processes.

hexter

powerowl

PowerOwl models power grids as a whole and allows to simulate their power-domain behavior.

Currently, the project is being heavily refactored and is therefore in an unusable state. Android RE library for static forward and backward slicing

DEXSLib

Java

fact_goblin_bindings

Goblin bindings for parsing ELF header information in FACT