HitmanPro (Download | User Manual)
HitmanPro is a second-opinion scanner designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that has infected it despite all the security measures you have taken (such as antivirus software, firewalls, etc.).
Ransomware Removal Tool (Download | User Manual in the .ISO file)
The purpose of the Ransomware Tool is to clean ransomware infections from end-user computers. It uses a generic detection mechanism that can detect even previously unknown families of screen-locking malware.
Additionally, the tool generates telemetry data about the infection. It uploads the sample, which can then be used to identify the C&C server.
Conan Mobile (Download | User Manual)
End-user tool for Android devices that helps users understand the security state of the device configuration and installed apps through three main activities: analysis of the device configuration, analysis of installed applications, and use of proactive services.
DE-CIX jFlowLib (Download | User Manual)
jFlowLib is a Java library to parse and generate sFlow and IPFIX data. It consists of two parts. jsFlow is a Java library for sFlow (version 5); sFlow is an industry standard for monitoring switches and routers. jIPFIX is a Java library for IPFIX; IPFIX is an IETF protocol created out of the need for a common, universal standard for exporting Internet Protocol flow information from routers, probes and other devices, for use by mediation and accounting/billing systems.
Spamtrap and low interaction honeypot(s) multipurpose appliance (Download | User Manual)
“The honeypot virtual appliance contains the Glastopf honeypot, which catches self-spreading malware and malware URLs. Glastopf is capable of capturing the malware samples which the attackers use to exploit web vulnerabilities they think they found. The ‘Remote File Inclusion’ attack type is being considered because it uses third-party compromised hosts. Those samples can contain IRC bots. Data from the honeypots is regularly sent, after postprocessing, to the Central Clearing House by the Mediation Server. The spamtrap receives spam e-mail sent to dedicated e-mail addresses (known as spamtokens) scattered across (partner) web sites. The addresses (if implemented correctly) remain visible only to harvesters. If more partners put spamtokens on their web pages, this would increase the number of received spams. The Mediation Server regularly collects spam messages from all sensor instances and processes this data. This includes scanning for malicious URIs and attachments, and detecting spam campaigns and bots.”
Airbus CyberSecurity: Operational Intelligence Centre (Download)
“This solution, delivered as a service through a REST API, provides automated malware analysis. The results integrate:
– Static analysis
– Dynamic analysis
– Malware classification coming from threat intelligence”
Montimage Monitoring Tool (Download | User Manual)
Montimage monitoring tool is a monitoring solution that allows capturing and analyzing network traffic. It can be used to verify network functional properties, QoS and security properties and is composed of NetCapture probes and a NetOperator application that allow deploying a mixed distributed/centralized network monitoring solution. It incorporates machine-learning algorithms for the identification and statistical analysis of network flows and the detection of unexpected behavior and security.
RelBot (Download | User Manual)
The tool aims to detect infected hosts by analyzing NetFlow/IPFIX records. The algorithm is based on the fact that many P2P botnets send keep-alive messages to their neighbors with a fixed period.
It also features a module to submit reports about detected infections to the ACDC CCH.
Device Monitor (Download | User Manual)
Monitoring and reporting malicious events on your Android device. Main features of the app:
– detects master-key exploits
– warns about connections to end-points that are reported within malware/central-clearing-house databases
– detects SMS hijacks
– warns users on applications with privileges that could e.g. leak private data
The detection methods are based on known attacks (SMS hijacks, visiting malicious URLs, detecting master key exploits). A “rooted” device is not expected.
Suricata IDS Engine with extensions (Download | User Manual)
Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine. High performance on standard x86/x64 based hardware is achieved by a multithreaded engine and/or by capturing traffic with supported network capture cards. Detection of suspicious traffic is rule based. New rules can be added at runtime, a capability provided by the extensions. For this purpose we provided extensions interfacing with the CCH (getting new Suricata rules). The Suricata engine is used as a NIDS engine on a host running in promiscuous mode to a wireless AP, which is used as a gateway for mobile devices. The engine allows us to monitor and analyse the network traffic of mobile devices running over the wireless AP. When a specific Suricata rule is triggered, the traffic is captured in PCAP format and forwarded to the EventCorrelator tool for real-time analysis of PCAP files.
Telefonica I+D HoneyNet (Download | User Manual)
TID’s Honeynet is based on the following open source software: Glastopf, kippo and Amun. It is deployed using Telefónica Spain IP address space inside several datacenters and with different types of access: fixed (xDSL & FTTH) and mobile. The underlying infrastructure is based on standard servers, but also supports very low cost devices distributed among Telefonica volunteers and employees. Currently supported devices are Raspberry Pi, Raspberry Pi 2 and Miniand HackBerry A10.