Security

Cyber Security, IT Security, Cyber Defence

rtfobj - a python tool to extract embedded objects from RTF files

rtfobj is a Python module to extract embedded objects from RTF files, such as OLE ojects. It can be used as a Python library or a command-line tool. It is part of the oletools package. 

oleid - a python tool to quickly analyze OLE files

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel), to detect specific characteristics that could potentially indicate that the file is suspicious or malicious, in terms of security (e.g. malware). For example it can detect VBA macros, embedded Flash objects, fragmentation. It is part of the oletools package. 

olebrowse - a simple python GUI to browse OLE files and extract streams

olebrowse is a simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams. It is part of the oletools package.

CherryProxy - a filtering HTTP proxy extensible in Python

CherryProxy is a simple HTTP proxy written in Python 2.x, based on the CherryPy WSGI server and httplib, extensible for content analysis and filtering.

ExeFilter - an open-source tool and framework to filter files and active content

ExeFilter is an open-source tool and python framework to filter file formats in e-mails, web pages or files. It detects many common file formats and can remove active content (scripts, macros, etc) according to a configurable policy.

CanSecWest08 - ExeFilter

This is a presentation at the CanSecWest08 conference about ExeFilter, an open-source tool and framework to filter files and active content.

EUSecWest 2010 - Fighting PDF malware with ExeFilter

This is a presentation given at the EUSecWest 2010 conference in Amsterdam on the 16 June about recent PDF vulnerabilities and malware, showing how a tool such as ExeFilter may be used to provide additional protection as a complement to antivirus engines.

Origapy - a Python module to sanitize PDF files

Origapy is a Python interface to Origami, a PDF parser written in Ruby. It provides access to pdfclean.rb, in order to sanitize PDF files by disabling all active content (javascript, launch actions, embedded files, etc). Because Origami is a full PDF parser, it is much more effective than PDFiD (when sanitizing/disarming PDF files), but also quite slower.

PDFiD - a Python module to analyze and sanitize PDF files

PDF files may be used to trigger malicious content, as described here. PDFiD is a Python tool to analyze and sanitize PDF files, written by Didier Stevens. Here is PDFiD_PL, a version that I have slightly modified so that it can be imported as a module in Python applications (originally for ExeFilter).

SSTIC10 - Visualization and Dynamic Risk Assessment for Cyber Defence

Paper and presentation about visualization and dynamic risk assessment for cyber defence, presented at the SSTIC symposium on June 9 2010.

Syndicate content