Showing posts with label Portable. Show all posts

Monday, 20 January 2014

[PeStudio v7.98] The Static Investigation tool for Windows executable binary



PeStudio is a free tool that performs static investigation of any Windows executable binary. A file being analyzed with PeStudio is never launched, so you can evaluate unknown executables and even malware with no risk. PeStudio runs on any Windows platform and is fully portable; no installation is required. PeStudio does not change the system or leave anything behind.

PeStudio shows Indicators as a human-friendly result of the analyzed image. Indicators are grouped into categories according to their severity. Indicators show the potential and the anomalies of the application being analyzed. The classifications are based on XML files provided with PeStudio. By editing the XML file, one can customize the Indicators shown and their severity.

Among the indicators, PeStudio shows when an image is compressed using UPX or MPRESS. PeStudio helps you to define the trustworthiness of the application being analyzed.

PeStudio can query the antivirus engines hosted by VirusTotal for the file being analyzed. This feature only sends the MD5 of the file being analyzed, and it can be switched ON or OFF using an XML file included with PeStudio. PeStudio helps you to determine how suspicious the file being analyzed is.


Saturday, 12 October 2013

[Firebind Reflector v0.53] Portable Network Path Scanning Tool


Firebind Reflector is a portable network path scanning tool that can profile firewall and other network device rules for port blocking, for example to perform egress/exfiltration testing. Reflector has a client side and a listener (server side) like Netcat and Ncat, except that the client can dynamically tell Reflector to listen on any or all 65,535 TCP or UDP ports, while Reflector supports up to several hundred simultaneous client scans.


  • All components of Reflector (server-side and client-side) are contained within a single 3 megabyte Java jar file. The Reflector jar file contains the core Firebind codebase, a fully functional web server, and both Reflector Java applet and command line clients.
  • Reflector’s Java applet is automatically downloaded to the client machine, requiring no user installation other than allowing it to run within the browser. Since it is browser-based, any user, no matter how non-technical, can run a test.
  • Reflector’s patent-pending technology (System and Method for Network Path Validation – US 20130185428) allows Reflector to dynamically listen on any UDP or TCP port, while never exceeding operating system limits that restrict the maximum number of listeners (which can be as low as several hundred at a time out of 65,535 possible ports for either TCP or UDP).
  • Reflector’s out-of-band command channel allows all clients to keep in sync with the Reflector server component regardless of whether the given port under test is blocked or not, giving Reflector 100% accuracy in results. Other client-only solutions can’t guarantee that the packets they receive back are coming from the device they are trying to profile or test. The out-of-band command channel also allows a single instance of Reflector to handle hundreds of simultaneous clients, all performing full 64k TCP and/or UDP port tests. Finally, the out-of-band command channel increases the speed of the tests since the client can be configured to wait any number of seconds for a reply, and if that timer expires, the client can issue a “skip” command to Reflector to tell it to move to the next port.
  • Reflector does more than simple TCP handshake connection attempts: it sends a custom payload over every port and checks whether the payload echoed back from the server matches.
  • Reflector’s built-in database and RESTful API allow test results to be viewed via a web page or accessed by third-party applications. This removes the burden from the client-side user to e-mail their results.