Threat Level: green Handler on Duty: Rick Wanner

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Debuggers and Analyzing Malicious Software

Published: 2007-08-05
Last Updated: 2007-08-05 03:14:50 UTC
by Scott Fendley (Version: 1)
0 comment(s)

While at SANSFire this past week, I got the chance to chat with many of my colleagues.  One of things we discussed was tools we used to analyze malicious code.  Of particular interest to me is the topic of debuggers.    It appears that really two tools stand out as one of choice.

    1)  IDA Pro from DataRescue.  The offer a free version which has reduced functionality.  But most of those I chatted to recommend using the commercial one or #2.

    2) OllyDbg -  This is the tool that most of my colleagues are using.  It is shareware and seems to be easier to use to some analysts.  As such I would recommend this one.

    3) Immunity Debugger -  Released recently, some are trying this one out as it seems to take the best of command line interfaces as well as the GUI ones and combined it into one package.

So are there other debuggers that you, our readers, like to use when analyzing malicious software?  Let me know which ones and your reason why.  I will add them to this diary over the weekend. 

 

 

Keywords:
0 comment(s)
Diary Archives