Dailydave mailing list archives

Re: iDEFENSE Labs Releases Malcode Analyst Pack


From: Dave Aitel <dave () immunitysec com>
Date: Wed, 08 Jun 2005 15:25:45 -0400

Cool - would David Zimmer be interested in explaining how SCLog works? That would probably have saved me a lot of time last weekend while I tried to manually decompile a new version of rdbot...

-dave


Michael Sutton wrote:

iDEFENSE Labs has released a new open source package related to
malicious code analysis which is available for download from:

   http://labs.idefense.com

Authored by David Zimmer, the Malcode Analyst Pack contains the
following GUI driven utilities:

FakeDNS    - A minimal DNS server allowing the user to have all DNS
            queries resolve to a predefined IP.

IDCDumpFix - This tool can be used to associate API names to IAT
            addresses for IDA disassemblies of raw memory dumps. Fast,
            simple technique to get a readable disassembly for
            arbitrarily packed executables.

MailPot    - A small lab-quality tool for capturing e-mails sent out by
            trojans and mass mailers.

SCLog      - Shellcode research and testing application that loads and
            executes shellcode within the context of an API hooking
            framework. Provides a runtime output log of APIs called
            while blocking certain dangerous functions. (Not for use
            outside of lab VM environments).

ShellExt   - This utility adds three shell extensions to the Windows
            Explorer right-click context menu:

            1) "Decompile" context menu item is added for CHM files.

            2) "Strings" context menu is added for all files. This
                feature extracts all ASCII and Unicode strings from the
                specified file and displays the results in a popup form.

            3) "Hash Files" context menu is added for all folders. This
                feature displays the name, size and MD5 hash of all
                files in the specified folder in a popup form.

SniffHit   - A lightweight specialized HTTP/IRC sniffer designed to
            extract target communication data and present it in an
            easily viewable (and copy-able) interface.

SocketTool - A graphical TCP Client designed to allow the user to easily
            send text or binary data to a server, probing for
            functionality.

More information and source code are available in the bundled install
file.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
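As an added example (written here, not code from the Malcode Analyst Pack or from David Zimmer), this is the core of a FakeDNS-style sinkhole in Python: the incoming question is parsed, every A query is answered with one predefined address, and each lookup is logged, which is what makes such a server useful for watching what a sample tries to reach without letting it out of the lab. `SINK_IP`, the loopback port and the sample names are assumptions.

```python
import socket
import struct

SINK_IP = "10.0.0.1"  # constructed lab address: every A query resolves here

def encode_name(name):
    # 'a.b' -> b'\x01a\x01b\x00' (length-prefixed labels, zero terminated)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    # Minimal recursion-desired query; used here only to construct sample input.
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_question(packet):
    # Return (txid, qname, qtype, end offset) of the first question.
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    off, labels = 12, []
    while packet[off] != 0:
        ln = packet[off]
        if ln & 0xC0:  # compression pointers never belong in a query name
            raise ValueError("compression pointer in question name")
        labels.append(packet[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    qtype = struct.unpack("!H", packet[off + 1:off + 3])[0]
    return txid, ".".join(labels), qtype, off + 5

def build_response(query, ip=SINK_IP, ttl=60):
    # Answer any A query with `ip`; other types get an empty NOERROR reply.
    txid, _name, qtype, qend = parse_question(query)
    answers, ancount = b"", 0
    if qtype == 1:  # name = pointer to offset 12, type A, class IN, TTL, rdlength 4, IPv4
        answers = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(ip)
        ancount = 1
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)  # QR, RD, RA set
    return header + query[12:qend] + answers

def serve(bind=("127.0.0.1", 5353)):
    # Lab-only UDP loop: log who asked for what, then hand back the sinkhole answer.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(bind)
        while True:
            data, peer = s.recvfrom(512)
            try:
                reply = build_response(data)
                print(f"{peer[0]} asked for {parse_question(data)[1]} -> {SINK_IP}")
                s.sendto(reply, peer)
            except (ValueError, IndexError, struct.error) as e:
                print(f"ignored malformed packet from {peer[0]}: {e}")
```

Call `serve()` on the lab host and point the analysis VM's resolver at it; the log then shows every name the sample asks for while all connections land on the sinkhole address.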
