diff --git a/pkgs/development/python-modules/cxxfilt/default.nix b/pkgs/development/python-modules/cxxfilt/default.nix
new file mode 100644
index 00000000000..580d698d8da
--- /dev/null
+++ b/pkgs/development/python-modules/cxxfilt/default.nix
@@ -0,0 +1,33 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, gcc-unwrapped
+}:
+buildPythonPackage rec {
+  pname = "cxxfilt";
+  version = "0.2.2";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "ef6810e76d16c95c11b96371e2d8eefd1d270ec03f9bcd07590e8dcc2c69e92b";
+  };
+
+  postPatch = ''
+    substituteInPlace cxxfilt/__init__.py \
+      --replace "find_any_library('stdc++', 'c++')" '"${lib.getLib gcc-unwrapped}/lib/libstdc++.so"'
+  '';
+
+  # no tests
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "cxxfilt"
+  ];
+
+  meta = with lib; {
+    description = "Demangling C++ symbols in Python / interface to abi::__cxa_demangle ";
+    homepage = "https://github.com/afq984/python-cxxfilt";
+    license = licenses.bsd2;
+    maintainers = teams.determinatesystems.members;
+  };
+}
diff --git a/pkgs/development/python-modules/plugnplay/default.nix b/pkgs/development/python-modules/plugnplay/default.nix
new file mode 100644
index 00000000000..259fe96028a
--- /dev/null
+++ b/pkgs/development/python-modules/plugnplay/default.nix
@@ -0,0 +1,27 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+}:
+buildPythonPackage rec {
+  pname = "plugnplay";
+  version = "0.5.4";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "877e2d2500a45aaf31e5175f9f46182088d3e2d64c1c6b9ff6c778ae0ee594c8";
+  };
+
+  # no tests
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "plugnplay"
+  ];
+
+  meta = with lib; {
+    description = "A Generic plug-in system for python applications";
+    homepage = "https://github.com/daltonmatos/plugnplay";
+    license = licenses.gpl2Only;
+    maintainers = teams.determinatesystems.members;
+  };
+}
diff --git a/pkgs/development/python-modules/viv-utils/default.nix b/pkgs/development/python-modules/viv-utils/default.nix
new file mode 100644
index 00000000000..e94c96f72b0
--- /dev/null
+++ b/pkgs/development/python-modules/viv-utils/default.nix
@@ -0,0 +1,49 @@
+{ lib
+, buildPythonPackage
+, isPy3k
+, fetchFromGitHub
+, funcy
+, pefile
+, vivisect
+, intervaltree
+, setuptools
+}:
+buildPythonPackage rec {
+  pname = "viv-utils";
+  version = "0.3.17";
+  disabled = isPy3k;
+
+  src = fetchFromGitHub {
+    owner = "williballenthin";
+    repo = "viv-utils";
+    rev = "v${version}";
+    sha256 = "wZWp6PMn1to/jP6lzlY/x0IhS/0w0Ys7AdklNQ+Vmyc=";
+  };
+
+  # argparse is provided by Python itself
+  preBuild = ''
+    sed '/"argparse",/d' -i setup.py
+  '';
+
+  propagatedBuildInputs = [
+    funcy
+    pefile
+    vivisect
+    intervaltree
+    setuptools
+  ];
+
+  # no tests
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "viv_utils"
+  ];
+
+  meta = with lib; {
+    description = "Utilities for working with vivisect";
+    homepage = "https://github.com/williballenthin/viv-utils";
+    license = licenses.asl20;
+    maintainers = teams.determinatesystems.members;
+  };
+}
diff --git a/pkgs/development/python-modules/vivisect/default.nix b/pkgs/development/python-modules/vivisect/default.nix
new file mode 100644
index 00000000000..0d86f2ffbd9
--- /dev/null
+++ b/pkgs/development/python-modules/vivisect/default.nix
@@ -0,0 +1,46 @@
+{ lib
+, buildPythonPackage
+, isPy3k
+, fetchPypi
+, pyasn1
+, pyasn1-modules
+, cxxfilt
+, msgpack
+, pycparser
+}:
+buildPythonPackage rec {
+  pname = "vivisect";
+  version = "0.1.0";
+  disabled = isPy3k;
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "ed5e8c24684841d30dc7b41f2bee87c0198816a453417ae2e130b7845ccb2629";
+  };
+
+  propagatedBuildInputs = [
+    pyasn1
+    pyasn1-modules
+    cxxfilt
+    msgpack
+    pycparser
+  ];
+
+  preBuild = ''
+    sed "s@==.*'@'@" -i setup.py
+  '';
+
+  # requires another repo for test files
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "vivisect"
+  ];
+
+  meta = with lib; {
+    description = "Pure python disassembler, debugger, emulator, and static analysis framework";
+    homepage = "https://github.com/vivisect/vivisect";
+    license = licenses.asl20;
+    maintainers = teams.determinatesystems.members;
+  };
+}
diff --git a/pkgs/tools/security/flare-floss/default.nix b/pkgs/tools/security/flare-floss/default.nix
new file mode 100644
index 00000000000..954dd07d6ab
--- /dev/null
+++ b/pkgs/tools/security/flare-floss/default.nix
@@ -0,0 +1,46 @@
+{ lib
+, python2
+, fetchFromGitHub
+}:
+python2.pkgs.buildPythonPackage rec {
+  pname = "flare-floss";
+  version = "1.7.0";
+
+  src = fetchFromGitHub {
+    owner = "fireeye";
+    repo = "flare-floss";
+    rev = "v${version}";
+    sha256 = "GMOA1+qM2A/Qw33kOTIINEvjsfqjWQWBXHNemh3IK8w=";
+  };
+
+  propagatedBuildInputs = with python2.pkgs; [
+    pyyaml
+    simplejson
+    tabulate
+    vivisect
+    plugnplay
+    viv-utils
+    enum34
+  ];
+
+  checkInputs = [
+    python2.pkgs.pytestCheckHook
+  ];
+
+  disabledTests = [
+    # test data is in a submodule
+    "test_main"
+  ];
+
+  pythonImportsCheck = [
+    "floss"
+    "floss.plugins"
+  ];
+
+  meta = with lib; {
+    description = "Automatically extract obfuscated strings from malware";
+    homepage = "https://github.com/fireeye/flare-floss";
+    license = licenses.asl20;
+    maintainers = teams.determinatesystems.members;
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2d0ae69db6d..d851e716ab9 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -404,6 +404,8 @@ in
 
   find-cursor = callPackage ../tools/X11/find-cursor { };
 
+  flare-floss = callPackage ../tools/security/flare-floss { };
+
   prefer-remote-fetch = import ../build-support/prefer-remote-fetch;
 
   global-platform-pro = callPackage ../development/tools/global-platform-pro/default.nix { };
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 07da96d5673..225386aee3d 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1668,6 +1668,8 @@ in {
 
   cx_oracle = callPackage ../development/python-modules/cx_oracle { };
 
+  cxxfilt = callPackage ../development/python-modules/cxxfilt { };
+
   cycler = callPackage ../development/python-modules/cycler { };
 
   cymem = callPackage ../development/python-modules/cymem { };
@@ -5319,6 +5321,8 @@ in {
 
   pluginbase = callPackage ../development/python-modules/pluginbase { };
 
+  plugnplay = callPackage ../development/python-modules/plugnplay { };
+
   plugwise = callPackage ../development/python-modules/plugwise { };
 
   plum-py = callPackage ../development/python-modules/plum-py { };
@@ -8919,6 +8923,10 @@ in {
 
   vispy = callPackage ../development/python-modules/vispy { };
 
+  vivisect = callPackage ../development/python-modules/vivisect { };
+
+  viv-utils = callPackage ../development/python-modules/viv-utils { };
+
   vmprof = callPackage ../development/python-modules/vmprof { };
 
   vncdo = callPackage ../development/python-modules/vncdo { };