TinyCheck allows you to easily capture network communications from a smartphone or any device that can be associated with a Wi-Fi access point, in order to analyze them quickly. This can be used to check whether any suspicious or malicious communication is outgoing from a smartphone, using heuristics or specific Indicators of Compromise (IoCs). To make it work, you need a computer with a Debian-like operating system and two Wi-Fi interfaces (one hosts the access point the device joins, the other provides the upstream connection, so everything the device sends passes through the box). The best choice is a Raspberry Pi (2+), a Wi-Fi dongle and a small touch screen. This tiny configuration (for less than $50) allows you to tap any Wi-Fi device, anywhere.
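The IoC side of that check, as an added example (not TinyCheck's own code): flow records summarised from a capture are matched against an IoC list of domains, single IPs and CIDR ranges. The flows and indicators below are constructed for the example; domain matching accepts the indicator itself or a subdomain of it, never a bare substring, so a look-alike name that merely contains the indicator does not fire.

```python
"""Match captured device traffic against an IoC list.
Added example; not part of TinyCheck. IoCs and flows are constructed."""
import ipaddress

# Constructed indicator set (illustrative values, not real IoCs).
IOCS = {
    "domains": {"c2.example.net", "tracker.example.org"},
    "ips": {"198.51.100.7"},
    "cidrs": {"203.0.113.0/24"},
}

# Constructed flow records: (timestamp, dst_ip, dst_port, dns_name_or_None).
FLOWS = [
    (1700000000, "93.184.216.34", 443, "example.com"),
    (1700000001, "198.51.100.7", 8080, None),
    (1700000002, "203.0.113.42", 443, "update.vendor.test"),
    (1700000003, "10.0.0.5", 53, "login.c2.example.net"),
    (1700000004, "192.0.2.9", 80, "c2.example.net.evil-lookalike.test"),
]

def compile_iocs(iocs):
    """Normalise indicators once: lower-case domains, parsed IPs and networks."""
    return {
        "domains": {d.lower().rstrip(".") for d in iocs["domains"]},
        "ips": {ipaddress.ip_address(i) for i in iocs["ips"]},
        "cidrs": [ipaddress.ip_network(c) for c in iocs["cidrs"]],
    }

def domain_matches(name, domains):
    """Return the matching IoC if name equals it or is a subdomain of it.
    Walks label suffixes, so 'login.c2.example.net' hits 'c2.example.net'
    but 'c2.example.net.evil-lookalike.test' does not."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in domains:
            return suffix
    return None

def check_flow(flow, compiled):
    """All indicator hits for one flow: exact IP, CIDR range, DNS name."""
    _ts, dst, _port, name = flow
    hits = []
    addr = ipaddress.ip_address(dst)
    if addr in compiled["ips"]:
        hits.append(("ip", dst))
    for net in compiled["cidrs"]:
        if addr in net:
            hits.append(("cidr", str(net)))
    if name:
        m = domain_matches(name, compiled["domains"])
        if m:
            hits.append(("domain", m))
    return hits

def scan(flows, iocs):
    """Return [(flow, hits)] for every flow that matched at least one IoC."""
    compiled = compile_iocs(iocs)
    return [(f, check_flow(f, compiled)) for f in flows if check_flow(f, compiled)]

if __name__ == "__main__":
    for flow, hits in scan(FLOWS, IOCS):
        print(flow, "->", hits)
```

Note that the fourth flow is flagged on its DNS name even though the packet itself only went to a local resolver (10.0.0.5): on a tap like this, the resolution is often the earliest and most reliable signal, before any connection to the resolved address is seen.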
A framework used by penetration testers for building custom exploits and infiltrating systems. Written in Ruby. Comes with a large library of payloads and other nifty and fascinating tools. Worth learning to use if you're serious about penetration testing or exploit development; a lot of cutting-edge attack tooling ends up being released as Metasploit modules.
A cheat-sheet for reverse engineering malware, by Lenny Zeltser.
An excellent article from the Internet Storm Center about carving executables out of other sorts of files (such as .rtf documents) for the purposes of identification and reverse engineering.
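What that carving looks like in practice, as an added example (not code from the ISC article): scan a container for DOS/PE headers stored raw, and separately for PE headers hidden in long hex-digit runs as RTF `\objdata` streams store them. The toy PE and the RTF fragment are constructed here; the toy is carvable, not loadable. Hex streams can be misaligned by a nibble, so both alignments are tried.

```python
"""Carve embedded PE images out of a container, raw or hex-encoded.
Added example; the sample PE and RTF wrapper are constructed for it."""
import re
import struct

def hex_runs(data, min_pairs=64):
    """Cleaned runs of hex digits (>= min_pairs byte pairs), as in RTF \\objdata.
    Whitespace inside a run is dropped because RTF writers wrap the hex."""
    pattern = rb"(?:[0-9A-Fa-f]{2}\s*){%d,}" % min_pairs
    return [re.sub(rb"\s+", b"", m.group(0)) for m in re.finditer(pattern, data)]

def pe_size(data, base, pe):
    """Bytes from base to the end of the last raw section (clipped to data)."""
    nsec = struct.unpack_from("<H", data, pe + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    sec_table = pe + 24 + opt_size
    end = sec_table + nsec * 40 - base
    for i in range(nsec):
        off = sec_table + i * 40
        if off + 40 > len(data):
            break
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        end = max(end, raw_ptr + raw_size)   # PointerToRawData is image-relative
    return min(end, len(data) - base)

def find_pe(data):
    """(offset, size) of every range that parses as MZ -> e_lfanew -> 'PE\\0\\0'."""
    found, pos = [], 0
    while True:
        pos = data.find(b"MZ", pos)
        if pos < 0 or pos + 0x40 > len(data):
            break
        e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
        pe = pos + e_lfanew
        # Sanity limits cut down false hits on "MZ" occurring in ordinary data.
        if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0" and pe + 24 <= len(data):
            size = pe_size(data, pos, pe)
            found.append((pos, size))
            pos += max(size, 2)
        else:
            pos += 2
    return found

def carve(data):
    """PEs stored raw, then PEs stored as hex text at either nibble alignment."""
    found = [(("raw", off), data[off:off + size]) for off, size in find_pe(data)]
    for n, run in enumerate(hex_runs(data)):
        for shift in (0, 1):
            sub = run[shift:]
            sub = sub[:len(sub) - len(sub) % 2]
            blob = bytes.fromhex(sub.decode("ascii"))
            for off, size in find_pe(blob):
                found.append((("hex", n, shift, off), blob[off:off + size]))
    return found

def build_toy_pe():
    """Constructed 144-byte stub: DOS header, COFF header, one section header
    (no optional header) and 16 bytes of section data at file offset 0x80."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x10, 0x1000, 0x10, 0x80, 0, 0, 0, 0, 0x60000020)
    hdr = dos + coff + sec
    return hdr + b"\0" * (0x80 - len(hdr)) + bytes(range(0x10))

def wrap_in_rtf(blob, width=64):
    """Constructed RTF fragment carrying blob as a line-wrapped \\objdata hex stream."""
    h = blob.hex().encode("ascii")
    lines = b"\n".join(h[i:i + width] for i in range(0, len(h), width))
    return b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata\n" + lines + b"\n}}}"

if __name__ == "__main__":
    toy = build_toy_pe()
    for container in (b"\0" * 100 + toy + b"trailing junk", wrap_in_rtf(toy)):
        for where, blob in carve(container):
            print(where, len(blob), "bytes, equals toy:", blob == toy)
```

The size comes from the section table rather than from the container's end, which is what lets a carved image stop before the trailing junk; on real samples also expect overlays (data appended past the last section), which this cut discards and which a second pass would have to recover separately.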
Cuckoo is an automated malware analysis system that runs a sample inside an isolated virtual machine (VirtualBox among others) and instruments it, assisting and partially automating analysis and reverse engineering. It can be used to analyze Windows malware and its components, suspicious document files, and obfuscated or otherwise dodgy scripts, tracing API calls and capturing network traffic for analysis. It is also designed for extensibility, so you can implement your own analysis and processing modules and plug them into the sandbox. Has a GitHub repository.
github virtual-machine open-source reverse-engineering virtualbox tools sandbox analysis malware
Awesome list of curated hacking infosec pentesting resources.
Cuckoo is an automated malware analysis sandbox written in Python (it drives an isolated virtual machine rather than emulating a system itself). It automates much of the process of reverse engineering malware samples, such as tracing execution, snapshotting memory, tracing API and function calls, and dumping network traffic, and generates reports at the end of execution. Modular design, so it's easily customizable.
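A taste of what you do with the traced API calls and network data both Cuckoo notes above describe, as an added example that is not Cuckoo's own code: a small triage pass over a report, flagging a classic process-injection call sequence, Run-key persistence and network contact with an IoC domain. The report below is constructed, and its layout (`behavior.processes[].calls[].api`, `network.dns`, `network.http`) only approximates Cuckoo's report.json; treat the field names as an assumption. The IoC domain is also constructed.

```python
"""Triage a Cuckoo-style JSON report for injection, persistence and IoC contact.
Added example, not Cuckoo code. REPORT is constructed and its field names are an
assumption approximating Cuckoo's report.json layout."""

INJECTION_SEQ = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
IOC_DOMAINS = {"c2.example.net"}   # constructed indicator

REPORT = {   # constructed sample report
    "target": {"file": {"name": "invoice.exe", "sha256": "00" * 32}},
    "behavior": {"processes": [
        {"pid": 1000, "process_name": "invoice.exe", "calls": [
            {"api": "RegSetValueExW", "arguments": {
                "regkey": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
                "value": "C:\\Users\\x\\invoice.exe"}},
            {"api": "OpenProcess", "arguments": {"process_identifier": 2000}},
            {"api": "VirtualAllocEx", "arguments": {"process_handle": "0x1c8"}},
            {"api": "WriteProcessMemory", "arguments": {"process_handle": "0x1c8"}},
            {"api": "CreateRemoteThread", "arguments": {"process_handle": "0x1c8"}},
        ]},
        {"pid": 2000, "process_name": "explorer.exe", "calls": [
            {"api": "InternetOpenA", "arguments": {}},
        ]},
    ]},
    "network": {
        "dns": [
            {"request": "c2.example.net", "type": "A", "answers": [{"data": "198.51.100.7"}]},
            {"request": "time.windows.com", "type": "A", "answers": []},
        ],
        "http": [{"host": "c2.example.net", "method": "POST", "uri": "/gate.php"}],
    },
}

def subsequence_present(apis, seq):
    """True if seq occurs in apis in that order; unrelated calls may interleave."""
    it = iter(apis)
    return all(any(a == want for a in it) for want in seq)

def string_args(args):
    """Every string argument value, regardless of how the keys are named."""
    out = []
    for v in args.values():
        if isinstance(v, str):
            out.append(v)
        elif isinstance(v, dict):
            out.extend(string_args(v))
    return out

def triage(report):
    """Return (finding, detail) tuples for the patterns we care about."""
    findings = []
    for proc in report["behavior"]["processes"]:
        apis = [c["api"] for c in proc["calls"]]
        if subsequence_present(apis, INJECTION_SEQ):
            findings.append(("injection_sequence", proc["pid"]))
        for c in proc["calls"]:
            if c["api"].startswith("RegSetValueEx") and any(
                    "\\CurrentVersion\\Run" in s for s in string_args(c["arguments"])):
                findings.append(("run_key_persistence", proc["pid"]))
    for q in report["network"]["dns"]:
        if q["request"].lower().rstrip(".") in IOC_DOMAINS:
            findings.append(("ioc_dns", q["request"]))
    for h in report["network"].get("http", []):
        if h["host"].lower() in IOC_DOMAINS:
            findings.append(("ioc_http", f'{h["method"]} {h["host"]}{h["uri"]}'))
    return findings

if __name__ == "__main__":
    for finding in triage(REPORT):
        print(finding)
```

In a real deployment this logic belongs in a Cuckoo signature module rather than a script run over the finished report, and the injection check is deliberately per-process and order-sensitive: the same four APIs scattered across unrelated processes, or in the wrong order, are not evidence of injection.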