Initializing Security Systems
Please wait...
KAUST Spin-Off ยท CyberSaR Lab
GenSpect
The malware analyst that shows its work.
GenSpect inspects an unknown Windows binary and shows you exactly what's inside โ without ever running it. Every verdict is backed by the evidence behind it, and nothing leaves your network.
GenSpect โ analyst verdict LIVE
inspecting unknown.exe
Credential-stealing trojan. Harvests browser & mail logins, evades analysis, exfiltrates over the network.
Credential theftKeyloggingAnti-analysis
โ
every finding evidencedanalyst-ready
Aligned with the standards your SOC already runs on
MITRE ATT&CKD3FENDCISA KEVSigma100% local ยท air-gap-ready ยท no SaaS dependency
๐ก๏ธ
Never runs the sample
Inspected safely โ no detonation, no risk to your environment.
๐
Every verdict cites its evidence
Findings your analysts can trust โ and defend.
โก
Analyst-ready in seconds
From an unknown binary to a finished report, fast.
๐
Nothing leaves your network
100% on your own hardware. Zero sample egress.
From file to finished report โ in three steps
No detonation. No cloud. No waiting. Just the answer your team needs, with the evidence to back it.
1
Submit a file
Drop in an unknown Windows binary โ or point GenSpect at a hash.
2
Inspected safely
GenSpect examines it without ever executing it, then reasons over what it finds.
3
Get a cited report
An analyst-ready report where every conclusion is backed by its evidence.
Why teams choose GenSpect
Built for the unknown, evasive and regulated files that other tools can't safely touch.
๐
Explainable by design
Every technique, indicator and conclusion points to the evidence behind it โ so your team can act with confidence and stand behind the call.
๐
Runs entirely on your hardware
Air-gap-ready, with zero sample egress. Your malware โ and your findings โ never leave your network.
๐ก๏ธ
Safe by design
GenSpect never executes the sample, so there's no detonation risk โ and the same file always yields a consistent, defensible result.
๐
Analyst-ready outputs
Six report types โ from a one-page executive brief to a full malware analysis report โ generated in seconds and ready to ship.
It won't claim a technique it can't back up.
GenSpect only reports what it can evidence. Anything it can't support is flagged and removed before it ever reaches your analyst โ so what you read is what you can trust.
Persistence technique โ evidenced
Credential theft โ evidenced
Unsupported finding
โณ โ no evidence โ removed
Six reports. One inspection. Pick the audience.
Every report is TLP-marked and ready to ship โ from a one-page brief for leadership to a full analysis for your hunters.
TLP:AMBERExecutive 1-pager
Execs ยท Tier-11โ2 pp
Key judgments and top techniques, written for leadership.
TLP:AMBERFull Malware Analysis Report
Tier-2/3 ยท Hunters20โ40 pp
The complete, in-depth inspection your investigation team needs.
TLP:REDIncident Response Runbook
IR teams6โ12 pp
Kill-chain timeline, indicators to block now, and the response steps.
TLP:GREENVulnerability Advisory
Vuln-mgmt ยท Execs2โ4 pp
Exposure, severity, and the action your team needs to take.
TLP:AMBERBehavior Profile
Hunters ยท Tier-36โ10 pp
What the sample does, mapped to MITRE ATT&CK.
TLP:GREENDetection Pack
Tier-1/2 ยท SIEM3โ8 pp
Deployable detection rules your SIEM can use today.
The workspace your analysts operate in
A fast, keyboard-driven console โ inspection, reports, ATT&CK coverage and deployable detections, all in one place, all on your host.
MITRE ATT&CK coverage
Technique coverage across your samples, at a glance.
Deployable detections
Detection rules, organized by tactic โ ready for your SIEM.
Exploited-vuln context
Known-exploited-vulnerability awareness, built in.
For the analyst who has to be right โ and the leader who has to report it
๐งโ๐ป
SOC Analyst
Pain: Drowning in alerts and black-box tools you can't fully trust.
GenSpect: A cited, explainable verdict in seconds โ not another opaque score.
๐ฌ
DFIR / Forensics
Pain: Disclosure deadlines vs. the rigor your evidence has to hold up to.
GenSpect: Consistent, defensible inspection plus a finished report โ in seconds.
๐ฏ
Threat Hunter
Pain: Unknown, evasive or regulated samples that can't be sent to a sandbox.
GenSpect: Safe inspection of the file itself, entirely on your own infrastructure.
๐ข
CISO / Leader
Pain: Data-sovereignty exposure and tools that ship your samples to the cloud.
GenSpect: On-prem by default โ nothing leaves your network, ever.
Runs entirely on your network. No cloud. No egress.
Deploy on a single host or fully air-gapped, with role-based access for your team. Your samples and findings stay yours.
your network boundary โ nothing leaves
Inspection engine
examines files safely, on-host
Analyst console
triage, reports, coverage
Your samples
never leave your network
Role-based access
admin ยท analyst ยท viewer
Single-hostAir-gap-readyNo SaaS dependencyZero sample egress
See a binary become a cited report.
Book a walkthrough and watch GenSpect inspect a live sample on your own hardware โ or open a real sample report right now.