Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
The Mobius verification environment supports the development of specifications, programs, and proofs of their security properties. It will support both source code and bytecode level verification, and be able to produce the output necessary for the generation of PCC certificates.
MonoDecrypt uses pattern matching and its knowledge of character frequencies to decrypt messages encoded with a monoalphabetic substitution cipher. MonoDecrypt can decrypt texts in any language, as long as it has sufficient information about the language. Depending on the information you give it, the tool decrypts about 50%-100% of the message on its own. You can then decrypt the remaining data by filling the gaps or correcting bad guesses. MonoDecrypt can also encrypt texts using monoalphabetic substitution.
Virtual Ideal Functionality Framework is a framework for creating efficient and secure multi-party computations (SMPC). Players, who do not trust each other, participate in a joint computation based on their private inputs. The computation is done using a cryptographic protocol which allows them to obtain a correct answer without revealing their inputs. Operations supported include addition, multiplication, and comparison, all with Shamir secret shared outputs.
Obol is a specialized high-level programming language for security protocols. The idea is to program closer to the abstractions used to describe and analyze security protocols, and leave all the nasty details to the language's runtime. The runtime will then handle "mundane" issues such as message representation, communication, cryptographic transformations and so on. The language is interpreted, and the runtime is written in Java.
TNV (The Network Visualizer or Time-based Network Visualizer) depicts network traffic by visualizing packets and links between local and remote hosts. It is intended for network traffic analysis to facilitate learning what constitutes 'normal' activity on a network, investigating packet details and security events, or for network troubleshooting. It can open saved libpcap (from tcpdump, windump, ethereal, etc.) formatted files or capture live packets on the wire, and export data in libpcap format or save the data to a MySQL database to enable the examination of trends over time.
BinarySEC is an intelligent Web application firewall designed to suppress malicious traffic on Web sites and applications. Its artificial intelligence engine learns normal traffic and blocks malicious requests with very high accuracy. BinarySEC secures against a wide range of attacks, including cross-site scripting (XSS), SQL injection, command injection, PHP includes, parameter tampering, buffer overflow, directory traversal, attack obfuscation, and more. BinarySEC for Apache includes a graphical installer and a Web-based administration interface.
Raiden is an extremely lightweight and fast block cipher, developed using genetic programming. Its aims are to be simple enough to be remembered by heart and to be compact, highly portable, and light enough to be implemented in resource-constrained environments. It was developed with the intention of being an alternative to TEA, with the same speed and without any of its known weaknesses.