Published on June 30th, 2017 | by MaxiSoler0
TRANScurity Platform v0.2.0-beta – Binary File Format Analysis & Hardening
TRANScurity Platform is a tool for static binary file format analysis. Its aim is to complement the existing tool set with a place where experts, prospective experts and students can exchange and extend their knowledge. Especially in an educational context, this requires access to detailed information and documentation about the internal structures of the binary formats.
TRANScurity Platform is currently focused on the executable format of the Windows operating system: Portable Executable (PE).
The analysis platform provides the common standard tools (viewing general file information, displaying internal structures, extracting resources, entropy computation, imports/exports, VirusTotal reports, etc.), but it also gives the user full access to the parsed PE model via Python scripts, reveals strange or malicious properties and provides hardening suggestions (to make manipulation or attacks more difficult).
The intention behind the community aspect, custom Python scripts that can be shared, is to gather knowledge about the characteristics of (possibly sophisticated) malware and to make it easy for prospective experts to learn everything about it. Finally, all this knowledge can also be used by the anti-malware and security industry in the future, keywords: machine learning, static heuristic analysis (as Comodo does today).
- Parsing and extraction of general information, compiler signatures and resources from Portable Executables (.NET is supported as well, of course).
- Extraction of PE property hotspots (indicators for malformed or possibly malicious PEs).
- Hardening suggestions for a robust PE.
- Entropy computation.
- VirusTotal connection.
- Graphical visualization of PE section and import proportions (including visualization of code cave proportions).
- Graphical visualization of entire PE layout tree and access to its structures.
- Python Editor with full access to parsed PE model.
- First basic implementation of a content assistant in Python Editor.
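To illustrate the kind of analysis the feature list describes (section entropy, code cave proportions and PE property hotspots with hardening hints), here is a small stand-alone Python script added to this post; it is not part of TRANScurity Platform or its scripting API. The PE image it analyzes is constructed in code, and it takes the simplifying assumption that a section's code cave is the trailing zero padding of its raw data.

```python
import math
import struct
from collections import Counter
SECTION_HDR = "<8sIIIIIIHHI"                     # IMAGE_SECTION_HEADER, 40 bytes
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def shannon_entropy(buf: bytes) -> float:
    # Bits per byte: 0.0 for a constant buffer, 8.0 when all 256 values occur equally often
    n = len(buf)
    return 0.0 if n == 0 else -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def parse_sections(data: bytes):
    # Walk DOS header -> PE signature -> COFF header -> section table, yielding raw header tuples
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing MZ or PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF.NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    for i in range(num_sections):
        yield struct.unpack_from(SECTION_HDR, data, table + 40 * i)

def analyze(data: bytes) -> list:
    # Per-section entropy, trailing-zero code cave size, hotspot flags and hardening hints
    report = []
    for name, _vsize, _va, rsize, rptr, _r, _l, _nr, _nl, chars in parse_sections(data):
        raw = data[rptr:rptr + rsize]
        entropy = shannon_entropy(raw)
        hotspots = []
        if rptr + rsize > len(data):
            hotspots.append("raw data runs past end of file (malformed header)")
        if entropy > 7.0:
            hotspots.append("high entropy: packed or encrypted content")
        if chars & MEM_EXECUTE and chars & MEM_WRITE:
            hotspots.append("writable and executable section: drop one flag (W^X)")
        report.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "entropy": entropy,
                       "cave_bytes": len(raw) - len(raw.rstrip(b"\0")),   # assumed: cave = trailing zero padding
                       "hotspots": hotspots})
    return report

def build_sample_pe() -> bytes:
    # Constructed minimal PE, not a real binary: empty optional header, two sections
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                     # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)          # i386, 2 sections, no optional hdr
    text = b"\x55\x8b\xec" * 20 + b"\0" * 40                             # 60 code bytes + 40-byte cave
    packed = bytes((i * 97 + 13) % 256 for i in range(256))              # every byte value once: entropy 8.0
    start = 64 + 4 + 20 + 2 * 40                                         # offset of first raw section
    hdr1 = struct.pack(SECTION_HDR, b".text", 60, 0x1000, len(text), start, 0, 0, 0, 0, 0x60000020)
    hdr2 = struct.pack(SECTION_HDR, b".pack", 256, 0x2000, len(packed), start + len(text), 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + hdr1 + hdr2 + text + packed
```

Running `analyze(build_sample_pe())` reports no hotspots and a 40-byte cave for `.text`, and flags `.pack` as both high-entropy and writable+executable.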
Thanks to Andreas Lück (PAX), for sharing this tool with us.