Open tools for professional use

1. Cyber Sandbox Creator: A tool for creating lightweight virtual labs

Cyber Sandbox Creator is a tool that can generate portable definition files and build virtual environments using VirtualBox, Vagrant, and Ansible from a simple YAML definition of topology. The combination of these tools makes it possible to create virtual machines connected with virtual networks with minimal effort, even on a desktop computer or laptop.

2. Seccerts.org: Analysis of security certification reports (CC EAL, FIPS140-2)

The sec-certs set of tools download, process, and analyze security certificates issued under Common Criteria and NIST FIPS 140-2 schemes and turn these into computer-searchable and analyzable datasets.

3. SCRUTINY: Tool for quick similarity assessment of certified devices

Set of tools allowing to verify that all devices (e.g., cryptographic smartcards cards) are matching the expected forensic profile to detect chips of different revision, malfunctioning, or even counterfeited one.

4. Tool for high-performance, easy testing of (pseudo-)random data generators

Provides easy to use assessment of the randomness properties of data generated by truly random data generator (e.g., physical TRNG) or pseudo-random generator (e.g., AES ciphertext, PRNG).

5. Tool for security analysis of RSA and ECC implementations in crypto libraries and cards

Set of tools for exhaustive implementation testing of existing RSA and ECC implementations and verify that the required security-relevant checks like known invalid inputs tested (EC point not on curve, invalid curve parameters…) are performed. Automatic analysis of library output artifacts (generated keys, side-channel leakage…) is collected and any deviances (even if not directly exploitable) from the common behavior are searched for detected. A black-box analysis is performed, allowing for analysis also on the closed, proprietary devices.