posted in Antivirus, External tools on Jan 4th, 2010
I just read about the tool Malheur designed for malware analysis. It looks interesting, I don’t know what other tools like this one are out there (if you know some of them, please leave a comment) but it is worth some minutes to read through their page.
After thinking some minutes about their approach using the [...]
posted in External tools on Nov 23rd, 2009
Tool name :
TrueCrypt
Description :
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct encryption [...]
posted in External tools on Nov 15th, 2009
Tool name :
Hping
Description :
This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying [...]
posted in External tools, Worm sources on Nov 13th, 2009
Name
Win32/Blaster/Worm (Lovsan, Lovesan)
Type
Spreader, Worm
Author
Unknown
Written in
C
Description
This worm was very active in 2003. It spread via an RPC vulnerability and executed a DoS attack on a specific date. The code is well structured, easy to read and understand. The interesting paragraphs are the spreader, which attacks new victim systems, to learn and see how (easily) it [...]
posted in External tools, Worm sources on Nov 8th, 2009
Name
Win32/ogw0rm
Type
Spreader, Worm
Author
Unknown
Written in
C
Description
Ogw0rm is a good example of how malware propagates itself via Instant Messaging apps. It checks the process list for running IM applications and propagates itself by sending messages to new victims.
It shows how to enumerate windows, send key strokes to the OS, do Registry stuff and a little networking stuff. A simple malware source [...]
posted in External tools on Sep 27th, 2009
Tool name :
Metasploit Framework
Description :
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and [...]
posted in External tools, Tools & sources on Aug 11th, 2009
At BlackHat DC 2009 Moxie Marlinspike demonstrated how to subvert HTTPS with SSLStrip. SSLStrip intercepts HTTP traffic, watches for HTTPS links inside the data stream and maps these HTTPS links to HTTP. Whenever a victim clicks on such a mapped HTTPS link, SSLStrip will notice it and act as an HTTP2HTTPS proxy server. All the [...]
posted in External tools on Aug 9th, 2009
Tool name :
Tor
Description :
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which [...]
posted in External tools on Aug 2nd, 2009
Tool name :
Ettercap
Description :
In case you still thought switched LANs provide much extra security:
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection into an established connection and filtering on the fly are also possible, keeping the connection [...]
posted in External tools on Jul 26th, 2009
Tool name :
Tcpdump
Description :
Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the [...]