Cyber Threat Intelligence and Detection

Tools for threat intelligence and for malicious document and PDF analysis.

cryptam

The Cryptam command line tool is used to analyze documents for embedded executables, to scan for known exploits and identify suspicious elements of new threa...

DoveHawk

Threat Hunting with Zeek (formerly Bro) and MISP

PDFExaminer

The PDFExaminer command line scanner is a tool to process PDF documents for decompression, decryption, and deobfuscation, to scan for known exploits and iden...

QuickSand

QuickSand is a new Python-based framework for analyzing suspected malware documents and identifying exploits in streams of different encodings or compressi...