Grab'n Run
Grab'n Run is a library for Android that makes the implementation of dynamic code loading mechanisms safe by design. This library currently implements the SecureDexClassLoader API, which can be used instead of the standard DexClassLoader API, and it prevents the developer from introducing severe security bugs. More details are available on the project website.
BareDroid
BareDroid is a system that allows the analysis of Android applications on bare-metal devices. Besides being one of the first systems of its kind, BareDroid enabled a very efficient procedure to restore the analysis environment to a clean snapshot. See the paper for more details.
iCTF Framework
This is the framework that we developed to run the yearly UCSB International Capture The Flag (iCTF) competition. This framework allows the organization and management of generic attack-defense Capture the Flag security competitions. See the paper for more details.
ShellNoob
ShellNoob is a shellcode writing toolkit. ShellNoob is designed to make the shellcode writing process as easy as possible, leaving to the writer only the fun parts.
The source is available on GitHub at this link. ShellNoob has been presented at Black Hat USA Arsenal 2013, and it is now part of the Kali Linux distribution!
Andrubis
Andrubis is a publicly available platform to analyze benign and malicious Android applications. The system performs static and dynamic analysis and provides the user with an informative report. Andrubis is freely available as an extension of the Anubis platform. Check it out here: link.
Shellzer
Shellzer is a tool for the dynamic analysis of malicious shellcode that I developed for my Master's thesis. Shellzer is currently used by Wepawet (a service for detecting and analyzing web-based threats) to process all the shellcode samples detected during its analysis. For more information, check out the white paper and these two blog posts: this and that.