Dell SecureWorks' Security Research Group has developed several security tools that are publicly available. All tools are released under the GNU General Public License (GPL) and are provided "as-is", with no warranty and no support.
This script reads the Symantec Endpoint Protection log (AVMan.log) and produces a more readable, formatted report.
AMI Exposed is a Ruby framework for testing Amazon Machine Images (AMIs) for common security weaknesses and credential exposures.
Fess is a Perl-based exploit scanner for email that uses a signature language similar to Snort IDS.
Foregone is a forensic file recovery tool written in Perl.
Mumsie is the Malicious URL Monitor and Snort Injection Engine, a program used to log HTTP client request headers when Snort alerts on malicious content from a webserver.
Truman is a "sandnet", a behavioral analysis system for malware that provides an Internet-like environment to the target, and doesn't depend on virtual machines.
Wind Pill is a tool that assists in automating the tasks involved in debugging the Windows kernel.
The SecureWorks Snort Plug-in Pack is a collection of dynamic preprocessor plug-ins for the Snort intrusion detection and prevention system.
Untorpig is a program for incident responders to decode/decrypt data stolen by the Torpig (Anserin, Sinowal, Mebroot) Trojan in HTTP traffic logs.