▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Cryptographic Algorithms


<table>
<tbody>
<tr>
<th scope="col">Algorithm</th>
<th scope="col">Operation</th>
<th scope="col">Status</th>
<th scope="col">Alternative</th>
<th scope="col">QCR</th>
</tr>
<tr>
<td>DES</td>
<td>Encryption</td>
<td>Avoid</td>
<td>AES</td>
<td>&mdash;</td>
</tr>
<tr>
<td>3DES</td>
<td>Encryption</td>
<td>Legacy</td>
<td>AES</td>
<td>&mdash;</td>
</tr>
<tr>
<td>RC4</td>
<td>Encryption</td>
<td>Avoid</td>
<td>AES</td>
<td>&mdash;</td>
</tr>
<tr>
<td>
<p>AES-CBC mode</p>
<p>AES-GCM mode</p>
</td>
<td>
<p>Encryption</p>
<p>Authenticated encryption</p>
</td>
<td>
<p>Acceptable</p>
<p>NGE</p>
</td>
<td>
<p>AES-GCM</p>
<p>&mdash;</p>
</td>
<td>
<p>✓ (256-bit)</p>
<p>✓ (256-bit)</p>
</td>
</tr>
<tr>
<td>
<p>DH-768, -1024</p>
<p>RSA-768, -1024</p>
DSA-768, -1024</td>
<td>
<p>Key exchange</p>
<p>Encryption</p>
<p>Authentication</p>
</td>
<td>
<p>Avoid</p>
</td>
<td>
<p>DH-3072 (Group 15)</p>
<p>RSA-3072</p>
DSA-3072</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
<p>DH-2048</p>
<p>RSA-2048</p>
DSA-2048</td>
<td>
<p>Key exchange</p>
<p>Encryption</p>
<p>Authentication</p>
</td>
<td>
<p>Acceptable</p>
</td>
<td>
<p>ECDH-256</p>
<p>&mdash;</p>
ECDSA-256</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
<p>DH-3072</p>
<p>RSA-3072</p>
<p>DSA-3072</p>
</td>
<td>
<p>Key exchange</p>
<p>Encryption</p>
<p>Authentication</p>
</td>
<td>Acceptable</td>
<td>
<p>ECDH-256</p>
<p>&mdash;</p>
ECDSA-256</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>MD5</td>
<td>Integrity</td>
<td>Avoid</td>
<td>SHA-256</td>
<td>&mdash;</td>
</tr>
<tr>
<td>
<p>SHA-1</p>
</td>
<td>
<p>Integrity</p>
</td>
<td>
<p>Legacy</p>
</td>
<td>
<p>SHA-256</p>
</td>
<td>&mdash;</td>
</tr>
<tr>
<td>
<p>SHA-256</p>
<p>SHA-384</p>
<p>SHA-512</p>
</td>
<td>
<p>Integrity</p>
</td>
<td>
<p>NGE</p>
</td>
<td>
<p>SHA-384</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>✓</p>
<p>✓</p>
</td>
</tr>
<tr>
<td>HMAC-MD5</td>
<td>Integrity</td>
<td>Legacy</td>
<td>HMAC-SHA-256</td>
<td>&mdash;</td>
</tr>
<tr>
<td>HMAC-SHA-1</td>
<td>Integrity</td>
<td>Acceptable</td>
<td>HMAC-SHA-256</td>
<td>&mdash;</td>
</tr>
<tr>
<td>HMAC-SHA-256</td>
<td>Integrity</td>
<td>NGE</td>
<td>&mdash;</td>
<td>✓</td>
</tr>
<tr>
<td>
<p>ECDH-256</p>
ECDSA-256</td>
<td>
<p>Key exchange</p>
<p>Authentication</p>
</td>
<td>
<p>Acceptable</p>
</td>
<td>
<p>ECDH-384</p>
ECDSA-384</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
<p>ECDH-384</p>
ECDSA-384</td>
<td>
<p>Key exchange</p>
<p>Authentication</p>
</td>
<td>
<p>NGE</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td colspan="5"><a name="ftn1"></a>
<p>1. QCR = quantum computer resistant.</p>
<a name="ftn2"></a>
<p>2. NGE = next generation encryption.</p>
</td>
</tr>
</tbody>
</table>


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Notes about Cryptographic Algorithms :

- Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.

- Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms.

- Acceptable: Acceptable algorithms provide adequate security.

- Next generation encryption (NGE): NGE algorithms are expected to meet the security and scalability requirements of the next two decades. For more information, see Next Generation Encryption.

- Quantum computer resistant (QCR): There's a lot of research around quantum computers (QCs) and their potential impact on current cryptography standards. Although practical QCs would pose a threat to crypto standards for public-key infrastructure (PKI) key exchange and encryption, no one has demonstrated a practical quantum computer yet. It is an area of active research and growing interest. Although it is possible, it can't be said with certainty whether practical QCs will be built in the future. An algorithm that would be secure even after a QC is built is said to have postquantum security or be quantum computer resistant (QCR). AES-256, SHA-384, and SHA-512 are believed to have postquantum security. There are public key algorithms that are believed to have postquantum security too, but there are no standards for their use in Internet protocols yet.


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Additional References :
(Cryptographic Algorithms)

- NIST Post-Quantum Cryptography Project: https://csrc.nist.gov/projects/post-quantum-cryptography
- Post Quantum Cryptography (Wikipedia): https://en.wikipedia.org/wiki/Post-quantum_cryptography

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Bug Bounty Tips and Information

Getting Started :

- Bug Bounties 101

- The life of a bug bounty hunter

- Awesome list of bugbounty cheatsheets

- Getting Started - Bug Bounty Hunter Methodology

- How to Become a Successful Bug Bounty Hunter

- Researcher Resources - How to become a Bug Bounty Hunter

🦑 Write Ups and Walkthroughs
- Awesome Bug Bounty Writeups



> git sources
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#DOCKERS 2020 FOR Container Composition

- bocker (2) - Write Dockerfile completely in Bash. Extensible and simple. --> Reusable by @icy

- box - Build Dockerfile images with a mruby DSL, includes flattening and layer manipulation

- Capitan - Composable docker orchestration with added scripting support by @byrnedo.

- compose_plantuml - Generate Plantuml graphs from docker-compose files by @funkwerk

- Composerize - Convert docker run commands into docker-compose files

- crowdr - Tool for managing multiple Docker containers (docker-compose alternative) by @polonskiy

- docker-compose-graphviz - Turn a docker-compose.yml files into Graphviz .dot files by @abesto

- draw-compose - Utility to draw a schema of a docker compose by @Alexis-benoist

- elsy - An opinionated, multi-language, build tool based on Docker and Docker Compose

- habitus - A Build Flow Tool for Docker by @cloud66

- plash - A container run and build engine - runs inside docker.

- rocker-compose - Docker composition tool with idempotency features for deploying apps composed of multiple containers. By @grammarly

- rocker - Extended Dockerfile builder. Supports multiple FROMs, MOUNTS, templates, etc. by grammarly.

- Stacker - Docker Compose Templates. Stacker provides an abstraction layer over Docker Compose and a better DX (developer experience)


> git sources
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Deployment and Infrastructure tools-tips-dockers 2020 :


- blackfish - a CoreOS VM to build swarm clusters for Dev & Production by @DataMC

- Centurion - Centurion is a mass deployment tool for Docker fleets. It takes containers from a Docker registry and runs them on a fleet of hosts with the correct environment variables, host volume mappings, and port mappings. By @newrelic

- Clocker - Clocker creates and manages a Docker cloud infrastructure. Clocker supports single-click deployments and runtime management of multi-node applications that run as containers distributed across multiple hosts, on both Docker and Marathon. It leverages Calicocalico and Weaveweave for networking and Brooklynbrooklyn for application blueprints. By @brooklyncentral

- Conduit - Experimental deployment system for Docker by @ehazlett

- depcon - Depcon is written in Go and allows you to easily deploy Docker containers to Apache Mesos/Marathon, Amazon ECS and Kubernetes. By @gonodrgondor

- Grafeas - A common API for metadata about containers, from image and build details to security vulnerabilities. By Grafeas

> git sources
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Building Your Own Penetration Testing Lab :
t.me/UndercodeTesting


The following are some tips and instructions on how you can build your own lab for penetration testing and to practice different defensive techniques helpful for incident response and digital forensics.

🦑Pen Testing Linux Distributions

While most of the penetration testing tools can be downloaded in isolation and installed in many different operating systems, several popular security-related Linux distributions package hundreds of tools. These distributions make it easy for you to get started and not having to worry about many dependencies, libraries, and compatibility issues you may encounter. The following are the three most popular Linux distributions for ethical hacking (penetration testing):

- Kali Linux: probably the most popular distribution of the three. This distribution is primarily supported and maintained by Offensive Security and can be downloaded from https://www.kali.org. You can easily install it in bare-metal systems, virtual machines, and even in devices like the Raspberry Pi, Chromebooks, and many others.
Note: The folks at Offensive Security have created a free training and book that guides you how to install it in your system. Those resources can be accessed at: https://kali.training

- Parrot: is another popular Linux distribution used by many pen testers and security researchers. You can also install it in bare-metal and in virtual machines. You can download Parrot from https://www.parrotsec.org

- BlackArch Linux: this distribution comes with over 2300 different tools and packages and it is also gaining popularity. You can download BlackArch Linux from: https://blackarch.org

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 #monitor your network-Systems like :

Security Onion

RedHuntOS come with


with Snort,

Suricata, ELK, and many other security tools that allow you to monitor your network.

1) You have to setup port mirroring for IDS/IPS systems like Snort to be able to monitor traffic.

2) In Proxmox, you can setup Linux bridges and Open vSwitch (OVS) bridges.



▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

5️⃣ovs-vsctl -- --id=@p get port tap106i1 \
-- --id=@m create mirror name=span1 select-all=true output-port=@p \
-- set bridge vmbr3 mirrors=@m

6️⃣vmbr3 is the OVS bridge for that internal network. This creates a new “mirror” object named “span1”. Span1 will send any IP traffic on the vmbr3 OVS bridge to the second virtual interface on VM 106 (tap106i1).


@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 OVS Setup
I strongly recommend to use OVS bridges to send traffic to your Security Onion VM (or whatever other VM you would like to capture packets or monitor for IDS/IPS functions.

- Note: A bridge is another term for a Switch. It directs traffic to the appropriate interface based on mac address. Open vSwitch bridges should contain raw ethernet devices, along with virtual interfaces such as OVSBonds or OVSIntPorts. These bridges can carry multiple vlans, and be broken out into 'internal ports' to be used as vlan interfaces on the host.

1️⃣First, you need to update the package index and then install the Open vSwitch packages by executing:

apt update
apt install openvswitch-switch

2️⃣Then you can create an OVS bridge and assign the interfaces of each VM that you want to capture packets to that OVS bridge.

3️⃣You then configure the tap interfaces. These are only visible in the system shell (not in the Proxmox GUI) and are added automatically for VMs attached to an OVS-bridge interface. The naming convention of the tap interfaces is based on the ID of the VM they are assigned to, with the name tap[VM-ID]i[interface#].

For example, these are some of the interfaces in one of the Proxmox nodes/servers in one of my clusters:

┌─[root@hermes]─[~]
└──╼ #ip -brie a
lo UNKNOWN 127.0.0.1/8 ::1/128
enp0s31f6 DOWN
enp1s0f0 UP
enp1s0f1 DOWN
enp3s0f0 UP
enp3s0f1 DOWN
vmbr0 UP 192.168.78.10/24 fe80::92e2:baff:fe84:dbd0/64
vmbr1 UP 10.1.1.10/24 fe80::a236:9fff:fe1c:2430/64
vmbr2 UNKNOWN fe80::f84b:12ff:fe3c:6e61/64
ovs-system DOWN
vmbr3 UNKNOWN fe80::208a:52ff:fe6d:504f/64
tap109i0 UNKNOWN
fwbr109i0 UP
fwpr109p0@fwln109i0 UP
fwln109i0@fwpr109p0 UP
tap109i1 UNKNOWN
tap109i2 UNKNOWN
fwbr109i2 UP
fwpr109p2@fwln109i2 UP
fwln109i2@fwpr109p2 UP
tap112i0 UNKNOWN
fwbr112i0 UP
fwpr112p0@fwln112i0 UP
fwln112i0@fwpr112p0 UP
tap112i1 UNKNOWN
fwbr112i1 UP
fwpr112p1@fwln112i1 UP
fwln112i1@fwpr112p1 UP
tap114i0 UNKNOWN
tap119i0 UNKNOWN
fwbr119i0 UP
fwpr119p0@fwln119i0 UP
fwln119i0@fwpr119p0 UP
tap119i1 UNKNOWN
fwbr119i1 UP
fwpr119p1@fwln119i1 UP
fwln119i1@fwpr119p1 UP
tap121i0 UNKNOWN
veth122i0@if59 UP
fwbr122i0 UP
fwpr122p0@fwln122i0 UP
fwln122i0@fwpr122p0 UP
veth122i1@if64 UP
fwbr122i1 UP
fwpr122p1@fwln122i1 UP
fwln122i1@fwpr122p1 UP
tap126i0 UNKNOWN
fwbr126i0 UP
fwpr126p0@fwln126i0 UP
fwln126i0@fwpr126p0 UP
veth130i0@if73 UP
fwbr130i0 UP
fwpr130p0@fwln130i0 UP
fwln130i0@fwpr130p0 UP
veth136i0@if78 UP
fwbr136i0 UP
fwpr136p0@fwln136i0 UP
fwln136i0@fwpr136p0 UP
fwbr109i1 UP
fwln109o1 UNKNOWN
veth115i0@if89 UP
fwbr115i0 UP
fwln115o0 UNKNOWN
tap106i0 UNKNOWN
fwbr106i0 UP
fwpr106p0@fwln106i0 UP
fwln106i0@fwpr106p0 UP
tap106i1 UNKNOWN

tap106i0 is the first (0) virtual interface created for VM with ID 106, and tap106i1 is the second such interface.

4️⃣In order to send all traffic on the OVS bridge to the Security Onion VM (VM 106). I use the following command in the Proxmox node:

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Digital #Forensics and Incident Response (DFIR) Resources

🦑Incident Response

[Cyphon](https://www.cyphon.io/) - Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.

Demisto - Demisto community edition(free) offers full Incident lifecycle management, Incident Closure Reports, team assignments and collaboration, and many integrations to enhance automations (like Active Directory, PagerDuty, Jira and much more...)

[FIR](https://github.com/certsocietegenerale/FIR/) - Fast Incident Response (FIR) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike

RTIR - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker

[SCOT](http://getscot.sandia.gov/) - Sandia Cyber Omni Tracker (SCOT) is an Incident Response collaboration and knowledge capture tool focused on flexibility and ease of use. Our goal is to add value to the incident response process without burdening the user

threat_note - A lightweight investigation notebook that allows security researchers the ability to register and retrieve indicators related to their research



@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 #Playbooks new list :

[Demisto Playbooks Collection](https://www.demisto.com/category/playbooks/) - Playbooks collection

IRM - Incident Response Methodologies by CERT Societe Generale

[IR Workflow Gallery](https://www.incidentresponse.com/playbooks/) - Different generic incident response workflows, e.g. for malware outbreak, data theft, unauthorized access,... Every workflow constists of seven steps: prepare, detect, analyze, contain, eradicate, recover, post-incident handling. The workflows are online available or for download

PagerDuty Incident Response Documentation - Documents that describe parts of the PagerDuty Incident Response process. It provides information not only on preparing for an incident, but also what to do during and after. Source is available on GitHub.

> git sources
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Game Hacking

- The Ultimate Game Hacking Resource: A curated list of tools, tutorials, and much more for reverse engineering video games!
https://github.com/dsasmblr/game-hacking

- The Ultimate Online Game Hacking Resource: https://github.com/dsasmblr/hacking-online-games


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Domain #Analysis- #gathering information

[badips.com](https://www.badips.com/) - Community based IP blacklist service.

boomerang - A tool designed
for consistent and safe capture of off network web resources.

[Cymon](https://cymon.io/) - Threat intelligence tracker, with IP/domain/hash
search.

Desenmascara.me - One click tool to retrieve as
much metadata as possible for a website and to assess its good standing.

[Dig](https://networking.ringofsaturn.com/) - Free online dig and other
network tools.

dnstwist - Domain name permutation
engine for detecting typo squatting, phishing and corporate espionage.

[IPinfo](https://github.com/hiddenillusion/IPinfo) - Gather information
about an IP or domain by searching online resources.

Machinae - OSINT tool for
gathering information about URLs, IPs, or hashes. Similar to Automator.

[mailchecker](https://github.com/FGRibreau/mailchecker) - Cross-language
temporary email detection library.

MaltegoVT - Maltego transform
for the VirusTotal API. Allows domain/IP research, and searching for file
hashes and scan reports.

[Multi rbl](http://multirbl.valli.org/) - Multiple DNS blacklist and forward
confirmed reverse DNS lookup over more than 300 RBLs.

NormShield Services - Free API Services
for detecting possible phishing domains, blacklisted ip addresses and breached
accounts.

[SpamCop](https://www.spamcop.net/bl.shtml) - IP based spam block list.

SpamHaus - Block list based on
domains and IPs.

[Sucuri SiteCheck](https://sitecheck.sucuri.net/) - Free Website Malware
and Security Scanner.

Talos Intelligence - Search for IP, domain
or network owner. (Previously SenderBase.)

[TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool
for gathering information about URLs, IPs, or hashes.

URLQuery - Free URL Scanner.

[urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information.

Whois - DomainTools free online whois
search.

[Zeltser's List](https://zeltser.com/lookup-malicious-websites/) - Free
online tools for researching malicious websites, compiled by Lenny Zeltser.

ZScalar Zulu - Zulu URL Risk Analyzer.

> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 new termux hack tool for Hack Patten :
> in a way- generating pattern phishing tool which can hack victim pattern :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽

$ apt-get update -y
$ apt-get upgrade -y
$ pkg install python -y
$ pkg install python2 -y
$ pkg install git -y
$ pip install lolcat
$ git clone https://github.com/noob-hackers/hacklock
$ ls
$ cd hacklock
$ ls
$ bash hacklock.sh

🦑How it Works ?


1) Now you need internet connection to continue further process and Turn on your device hotspot to get link...

2) You will recieve patter pin in below image you can see pattern with numbers

3)You can select any option by clicking on your keyboard

Note:- Don't delete any of the scripts included in core files

4) From this option you can create phishing pattern link which get keys of victim pattern after he used this link


✅

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Documents and #Shellcode

* [AnalyzePDF](https://github.com/hiddenillusion/AnalyzePDF) - A tool for
analyzing PDFs and attempting to determine whether they are malicious.

* [box-js](https://github.com/CapacitorSet/box-js) - A tool for studying JavaScript
malware, featuring JScript/WScript support and ActiveX emulation.

* [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing
malicious shellcode.

* [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation.

* [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) -
Deobfuscate simple Javascript that use eval or document.write to conceal
its code.

* [libemu](http://libemu.carnivore.it/) - Library and tools for x86 shellcode
emulation.

* [malpdfobj](https://github.com/9b/malpdfobj) - Deconstruct malicious PDFs
into a JSON representation.

* [OfficeMalScanner](http://www.reconstructer.org/code.html) - Scan for
malicious traces in MS Office documents.

* [olevba](http://www.decalage.info/python/olevba) - A script for parsing OLE
and OpenXML documents and extracting useful information.

* [Origami PDF](https://code.google.com/archive/p/origami-pdf) - A tool for
analyzing malicious PDFs, and more.

* [PDF Tools](https://blog.didierstevens.com/programs/pdf-tools/) - pdfid,
pdf-parser, and more from Didier Stevens.

* [PDF X-Ray Lite](https://github.com/9b/pdfxray_lite) - A PDF analysis tool,
the backend-free version of PDF X-RAY.

* [peepdf](http://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Python
tool for exploring possibly malicious PDFs.

* [QuickSand](https://www.quicksand.io/) - QuickSand is a compact C framework
to analyze suspected malware documents to identify exploits in streams of different
encodings and to locate and extract embedded executables.

* [Spidermonkey](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey) -
Mozilla's JavaScript engine, for debugging malicious JS.


> git sources
@UndercodeTesting
@undercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁