dEEpEst
Posted October 29, 2023

QuickSand Framework

QuickSand is a Python-based analysis framework to analyze suspected malware documents to identify exploits in streams of different encodings or compressions. QuickSand supports documents, PDFs, MIME/Email, Postscript and other common formats.

It is available for download: [hidden content]

QuickSand supports scanning using Yara signatures within the decoded streams of documents and PDFs to identify exploits or high-risk active content.

Features

- Decode and decompress streams in OLE (Microsoft Word doc/Excel xls/PowerPoint ppt), OpenXML (Word docx/Excel xlsx/PowerPoint pptx), Hangul HWP, Adobe Reader PDF, Rich Text Format RTF, Postscript, MIME Emails, MSO, Adobe XML Data Package .XDP PDF, and Excel 4.0 Macros.
- Scan with Yara within streams and sub-files.
- Detect active content such as ActiveX, VBA, Macros, JavaScript, Shell commands.
- Detect and define recent CVE IDs for known exploits.
- Define MITRE ATT&CK framework technique IDs for each exploit.
- Handle nested formats, some encryption and nested encapsulation.
- Open Source MIT License.

Demo Online

[hidden content]
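The post's central idea, scanning decoded streams rather than raw file bytes, shown as an added example that is not QuickSand's own code and not part of the original post. It assumes a constructed PDF-like sample with a single Flate-compressed stream, and uses plain regular expressions (hypothetical names) as a stand-in for Yara rules.

```python
import re
import zlib

# Constructed sample: a PDF-like object whose stream is Flate-compressed,
# so the active-content marker only becomes visible after decompression.
_PAYLOAD = b"/S /JavaScript /JS (app.alert('constructed sample');)"
_Z = zlib.compress(_PAYLOAD)
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Filter /FlateDecode /Length "
          + str(len(_Z)).encode() + b" >>\nstream\n" + _Z
          + b"\nendstream\nendobj\n%%EOF\n")

# Hypothetical indicator set standing in for Yara rules (an assumption).
INDICATORS = {
    "javascript": re.compile(rb"/JavaScript|/JS\b"),
    "launch_action": re.compile(rb"/Launch"),
    "embedded_ole": re.compile(rb"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
MAX_DECODED = 10 * 1024 * 1024  # cap inflated size against decompression bombs


def decode_streams(data):
    """Yield (index, decoded_bytes) for each stream that inflates cleanly."""
    for i, m in enumerate(STREAM_RE.finditer(data)):
        try:
            out = zlib.decompressobj().decompress(m.group(1), MAX_DECODED)
        except zlib.error:
            continue  # not Flate or corrupt; other filters are out of scope here
        yield i, out


def scan(data):
    """Return sorted (location, indicator) hits over raw bytes and decoded streams."""
    layers = [("raw", data)]
    layers += [("stream%d" % i, blob) for i, blob in decode_streams(data)]
    hits = set()
    for location, blob in layers:
        for name, rx in INDICATORS.items():
            if rx.search(blob):
                hits.add((location, name))
    return sorted(hits)


if __name__ == "__main__":
    for location, name in scan(SAMPLE):
        print(location, name)
```

The raw layer of the sample produces no hit; the indicator is only reported for the decoded stream, which is why a scanner limited to on-disk bytes misses content hidden behind a filter.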