Improve triage and generate IoC
Our product Dexcalibur offers a simple way to inspect strongly obfuscated applications' behaviors including if these applications exploit specific vulnerabilities for a particular device model.
Malicious applications require numerous analysis and obfuscation environmental detection techniques. Sometimes, a remote certification is performed.
In this case, it's crucial to have a reliable and stable tool able to apprehend files that were voluntarily malformed and to automate as much as possible the Analyst's work.
Obfuscation techniques are in perpetual evolution and can challenge your security. Indeed, they often enforce encryption and many protection mechanisms against reverse engineering. It's not uncommon to run into files that don't respect standards and undermine usual applications.
Dexcalibur offers an all-integrated approach, capable of establishing correlations between the binary dynamic instrumentation, the static and dynamic analysis, the networks communications and the symbolic execution to deobfuscate applications.
Deep reverse engineering
Most tools offer applications analysis on the principle that they don't respect certain rules.
We prefer to consider them as "wild beasts" and we don't want to skew our analysis. That way, Dexcalibur systematically analyzes the application, its runtime environment and the platform on which it's running. Thanks to this, Dexcalibur is able to apprehend malicious software programs that would exploit the non-documented builders APIs.
As you already know, united we stand. Dexcalibur PRO users can work on the same network at the same time and on the same application.
Thanks to this functionality, in a few clicks users can exchange: hooks, aliases, network frames, types, parsers, files, buffer, strings, etc.
Dexcalibur is able to apply Yara rules on intermediary results obtained by dynamic instrumentation or emulation.
To adapt to your needs, Dexcalibur's deployment follows an "agile" method and is greatly facilitated by these 3 operational modes: offline, adhoc, and centralized.
You can then start equipping individual users (off-line usage) then updgrade to an adhoc or centralized configuration.
Get a free consultation
Let's discuss your needs and find the best solutions for your projects.
Dexcalibur helps me with tedious, time-consuming tasks since it provides useful features for the instrumentation application. This is a clever time-saving tool. My favorite feature is the automated functions hooking. No need to bother writing hooks one by one, this tool automates hooks on its own while providing easy-to-use GUI.
Since I work on complex mobile applications, I often come across a lot of security mechanisms that drastically slow down static analysis. Dexcalibur is specifically designed to respond to this problem, it combines static and dynamic analysis in a very elegant way and makes application analysis much simpler. Instrumenting mobile application with Dexcalibur has never been so smooth.