Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Sharing the Tools

Published: 2010-03-30
Last Updated: 2010-03-30 21:34:26 UTC
by Pedro Bueno (Version: 1)
3 comment(s)


In the malware analysis world, you have to have your tools that you feel most comfortable to use, otherwise, a task that could be
accomplished in 10 minutes would take hours.

But sometimes, finding the right tool for the task can be quite a challenge. This is one of the reasons that I decided to create a site,
called www.mysectools.com, where I am able to share some tools that were quite valuable on my day by day malware analysis tasks.

Now, I would like to comment on two tools that I was recently introduced.

The first one is not directly related to Malware Analysis (at least on the concept), since it is more a develpment tool. It is called
WinAPIOverride32 .
It is actually a package/suite with 3 different tools, but the one that I like most is the dumper.exe, because sometime you want more
than just a click and dump application. This one gives you  the freedom to chose what/how you want to dump a module, for example.

The second one is an Anti-Rootkit tool, called XueTr , which honestly I didnt try
outside a controlled environment (vmware,etc...).

This is another quite powerful tool, which in some point reminds me IceSword which if you dont know, I would recommend to check.

Happy Malware Analysis!

----------------------------------------------------------------

Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure

www.mysectools.com

 

3 comment(s)

Zigbee Analysis Tools

Published: 2010-03-30
Last Updated: 2010-03-30 18:18:30 UTC
by Marcus Sachs (Version: 1)
0 comment(s)

At today's SANS SCADA Conference in Orlando Josh Wright of InGuardians gave a very interesting talk on Zigbee security.  Josh is leading a project to build a framework for Zigbee analysis tools that he calls "Killerbee".  From the project website:

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using KillerBee tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the KillerBee framework, you can build your own tools, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more.

Let us know via our contact page or via the comment link below if you are doing any Zigbee experimentation and what you've learned so far.

Marcus H. Sachs
Director, SANS Internet Storm Center

Keywords: python tools zigbee
0 comment(s)

VMWare Security Advisories Out

Published: 2010-03-30
Last Updated: 2010-03-30 16:58:22 UTC
by Pedro Bueno (Version: 1)
1 comment(s)

Update: Tuesday :

...and there is New Java patches too... http://java.sun.com/javase/6/webnotes/ReleaseNotes.html

--------------------------------------

Yes, today is monday, but we can already call it a week of patches/advisories.

We already got the Apple advisories , we already know about MS OOB patch release tomorrow (March 30th), and today VMWare has released the following new and updated security advisories:

New - VMSA-2010-0005
http://lists.vmware.com/pipermail/security-announce/2010/000086.html

Updated - VMSA-2009-0016.5
http://lists.vmware.com/pipermail/security-announce/2010/000087.html

Update - VMSA-2010-0002.1
http://lists.vmware.com/pipermail/security-announce/2010/000088.html

Enjoy! Today is monday!:)

 

------------------------------------------------------------------

Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure

http://www.mysectools.com

1 comment(s)
Diary Archives