Malware Analysis Tutorial 28: Break Max++ Rootkit Hidden Drive Protection
Learning Goals: Practice WinDbg for Intercepting Driver Loading Practice IMM for Modifying Binary Code Trace and Modify Control Flow Using IMM Applicable to: Operating Systems Assembly Language Operating System Security 1. Introduction One typical feature of Max++ is its ability to hide malicious files in a hidden drive. In this tutorial, we show you how to modify the malware itself to break its h
Malwr - Coming back soon!
Malwr is coming back soon! Stay tuned for our re-launch and follow updates by signing up to our newsletter:
List of Sandboxes for Malware Analysis! — PenTestIT
List of Sandboxes for Malware Analysis!PenTestIT Your source for Information Security Related information! We had done a similar post - way back in 2009 – titled List of Online Malware Scanners. Cut to the end of 2011, we now bring you a list of free sandboxes for malware analysis. Most of them are free and open source products. However, we also have included a few commercial versions and those th
Show me your Kung-Fu. Reversing/Forensic Android
The last week was held in Barcelona the NoConName security conference, and I had the pleasure of attending to give a security conference about Android. It talked about how to perform a dynamic analysis, static and forensic skip protection and release application along with our friend of MalwareIntelligence too, Ehooo, a small PoC reveals a vulnerability of Tap-Jacking. For those who could not
Practical Malware Analysis
Download Chapter 12: Covert Malware Launching (PDF) Download the labs Visit the authors' website for news and other resources "The book every malware analyst should keep handy." —Richard Bejtlich, CSO of Mandiant & Founder of TaoSecurity Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections a
「新種ウイルスを自動解析、詳細をレポートに出力」、FFRの新製品
「新種ウイルスを自動解析、詳細をレポートに出力」、FFRの新製品 ソフトウエア製品の出荷前チェックに有用、「専門知識は不要」 セキュリティ会社のフォティーンフォティ技術研究所(FFR)は2011年7月19日、ソフトウエア製品などに含まれるウイルス(マルウエア)を自動的に検出して解析するソフトウエア「yarai analyzer(ヤライ アナライザー)」を発売した。新種のウイルスでも検出できることや、その動作などをまとめたレポートを作成することが特徴。 yarai analyzerは、仮想マシン上のゲストOSで動作するソフトウエア。動作環境は、ホストOSがWindows Server 2003/2003 R2/2008、仮想マシンがVMWare ServerやVMWare Workstation、ゲストOSがWindows XP/Vista/7。ゲストOSにyarai analyzerをイン
DroidBox: alpha release | The Honeynet Project
The Android application sandbox is now ready for an alpha release. Details on how to get DroidBox running are available at the project webpage. At the moment, the following actions are logged during runtime: File read and write operations Cryptography API activity Opened network connections Outgoing network traffic Information leaks through the following sinks: network, file, sms Attempts to send
Malware Sandbox Services and Software
Whether you are performing digital forensics, or just have an interest in malware, a sandbox environment is an essential part of your analysis program. Sandboxing services can save time and provide a quick and easy glimpse into a suspicious files behavior. I received an email this morning from Jose' Nazario of Arbor Networks where he provided a link to a list made by Buster (author of Buster Sand
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Unravelling .NET with the Help of WinDBG
GitHub - Frky/scat: Dynamic analysis of binary programs to retrieve function-related information (arity, type of parameters, coupling).
MalwareDynamicAnalysis
Home
Malware Analysis Tutorial 16: Return Oriented Programming (Return to LIBC) Attack
Cuckoo Sandbox 0.3.2 is out! « Cuckoo Sandbox
https://www.mlsec.org/malheur/
Update 20/09/2011 - Malwr Forums
Download Attack Surface Analyzer (classic) from Official Microsoft Download Center
Google Code Archive - Long-term storage for Google Code Project Hosting.
https://zerowine.sourceforge.net/
vulnerabilitydatabase.com