Penetration Testing mailing list archives
Re: Exploit package analysis
From: Mattias Ahnberg <mattias () ahnberg pp se>
Date: Fri, 29 Jul 2005 13:35:13 +0200
Erin Carroll wrote:
My question to all of you is what are some basic sandbox tools you would recommend to pursue this? Does anyone work in a similar vein and has the experience been helpful in your pen-testing work?
I normally use VMware with one or more boxes in a virtual VMware-internal network to test things out. It's easy to take a snapshot, entirely trash a system, press a button and revert all changes back to the state it was in before you began. A _huge_ timesaver when debugging & analyzing.

In Windows I run tools like ethereal, sysinternals tools (filemon, regmon and whatever else suits your current needs) and ollydbg for example.

As a complement to the Windows box I usually have another virtual machine alive with Linux on it; I run a VMware internal network and use the Linux box as default gateway for the Windows box, and therefore see all traffic that the box attempts to send out when infected. On the Linux (or whatever OS you favor at the time) box it is useful to run something like dsniff's arpspoof & dnsspoof.

There are a million ways you can do things like this. But perhaps this is of some use to someone. :)

-- /ahnberg.
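The role the post gives dnsspoof on the Linux gateway (answer every lookup from the sandboxed Windows box with the gateway's own address so the traffic stays inside the VMware-internal network, and log what was asked for) can be done with a small sinkhole like the one below. This is an added example, not code from the post or from dsniff; the gateway address and the sample query are constructed placeholders, and binding UDP port 53 on the gateway needs root.

```python
"""Minimal DNS sinkhole for an isolated malware-analysis network.

Every query the sandboxed VM sends to its default gateway is logged and
answered with the gateway's address, so whatever the sample tries to
contact resolves to a host you control and can watch with ethereal.
"""
import socket
import struct

GATEWAY_IP = "192.168.56.1"  # assumed address of the Linux gateway VM

# Constructed sample: txid 0x1234, standard query, 1 question, A record
# for example.com, IN class.
SAMPLE_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
                + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))


def parse_query(packet: bytes):
    """Return (transaction id, queried name, end offset of the question)."""
    txid = struct.unpack("!H", packet[:2])[0]
    labels, pos = [], 12  # question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return txid, ".".join(labels), pos + 1 + 4  # skip terminator, QTYPE, QCLASS


def build_response(query: bytes, ip: str = GATEWAY_IP) -> bytes:
    """Answer any query with an A record for `ip`, echoing the question."""
    txid, _, qend = parse_query(query)
    # Flags 0x8180: response, recursion desired/available, no error.
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # Answer: pointer to the question name (0xc00c), type A, class IN, TTL 60.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + query[12:qend] + answer


def serve(bind=("0.0.0.0", 53)):
    """Listen on the gateway and log each name the sandbox looks up."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, src = sock.recvfrom(512)
        _, name, _ = parse_query(data)
        print(f"{src[0]} looked up {name}")
        sock.sendto(build_response(data), src)


if __name__ == "__main__":
    serve()
```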