Security

NSA's software reverse engineering suite. Disassembly, decompilation, scripting, and graphing. Supports dozens of processor architectures.

Unix-like reverse engineering framework. Disassembler, debugger, hex editor, and binary analysis. Scriptable with r2pipe.

Free and open-source RE platform built on Rizin. Graphical interface for reverse engineering with decompiler, graph views, and debugger.

Open-source x64/x32 debugger for Windows. User-friendly interface, plugin system, scripting, and advanced analysis features.

Industry-standard interactive disassembler by Hex-Rays. Free version supports x86/x64. Essential for malware analysis and RE.

.NET debugger and assembly editor. Decompile, edit, and debug .NET assemblies without source code. Essential for .NET RE.

Determine file types by signatures. Detect packers, compilers, linkers, and protectors. Essential first step in malware analysis.

Advanced automated malware analysis system. Execute suspicious files in isolated VMs, track API calls, network traffic, and file changes.

Malware configuration and payload extraction. Advanced fork of Cuckoo with YARA integration, behavior analysis, and config extraction.

Detects capabilities in executable files. Identifies what malware can do (e.g., HTTP comms, file encryption) using MITRE ATT&CK mapping.

FireEye Labs Obfuscated String Solver. Automatically extracts obfuscated strings from malware. Goes beyond basic strings extraction.

Swiss army knife for WiFi, Bluetooth, and network attacks. ARP spoofing, DNS spoofing, proxy, sniffer, and WiFi module.

Sysinternals system monitor. Logs process creation, network connections, file changes, and driver loads. Essential for threat detection.

Physical memory acquisition tool for Windows. Captures RAM for forensic analysis. Kernel driver-based, minimal footprint.

Malware initial assessment tool. Analyzes PE files without executing them. Detects anomalies, imports, resources, and indicators.

Active Directory security assessment tool. Generates risk scores, identifies misconfigurations, and provides remediation guidance.

Sysinternals Active Directory viewer and editor. Browse AD database, take snapshots, compare changes. Essential for AD forensics.

BloodHound data collector for Active Directory. Gathers AD relationships, permissions, and trust info for attack path analysis.

Easy-to-use graphical interface for ClamAV. Scan files, folders, and directories. Schedule scans and manage quarantine. GTK-based.

Complete implementation of the OpenPGP standard. Encrypt and sign data and communications. Key management and trust model.

Free disk encryption software based on TrueCrypt. Create encrypted volumes, encrypt partitions, and encrypt entire drives. Plausible deniability.

Free, open-source application firewall. Monitor and control network activity per-app. Built-in DNS privacy, ad-blocking, and tracker blocking.

Open-source host-based intrusion detection system. Log analysis, file integrity monitoring, rootkit detection, and active response.

Free, open-source Linux distribution for threat hunting, enterprise security monitoring, and log management. Includes Zeek, Suricata, ELK.