Dailydave mailing list archives
Re: iDEFENSE Labs Releases Malcode Analyst Pack
From: "Andrew R. Reiter" <arr () watson org>
Date: Wed, 8 Jun 2005 16:22:55 -0400 (EDT)
On Wed, 8 Jun 2005, Dave Aitel wrote:

:Cool - would David Zimmer be interested in explaining how SCLog works? That
:would probably have saved me a lot of time last weekend while I tried to
:manually decompile a new version of rdbot...
:

RTFS

:
:Michael Sutton wrote:
:
:> iDEFENSE Labs has released a new open source package related to
:> malicious code analysis which is available for download from:
:>
:> http://labs.idefense.com
:>
:> Authored by David Zimmer, the Malcode Analyst Pack contains the
:> following GUI driven utilities:
:>
:> FakeDNS    - A minimal DNS server allowing the user to have all DNS
:>              queries resolve to a predefined IP.
:>
:> IDCDumpFix - This tool can be used to associate API names to IAT
:>              addresses for IDA disassemblies of raw memory dumps. Fast,
:>              simple technique to get a readable disassembly for
:>              arbitrarily packed executables.
:>
:> MailPot    - A small lab-quality tool for capturing e-mails sent out by
:>              trojans and mass mailers.
:>
:> SCLog      - Shellcode research and testing application that loads and
:>              executes shellcode within the context of an API hooking
:>              framework. Provides a runtime output log of APIs called
:>              while blocking certain dangerous functions. (Not for use
:>              outside of lab VM environments).
:>
:> ShellExt   - This utility adds three shell extensions to the Windows
:>              Explorer right-click context menu:
:>
:>              1) "Decompile" context menu item is added for CHM files.
:>
:>              2) "Strings" context menu is added for all files. This
:>                 feature extracts all ASCII and Unicode strings from the
:>                 specified file and displays the results in a popup
:>                 form.
:>
:>              3) "Hash Files" context menu is added for all folders. This
:>                 feature displays the name, size and MD5 hash of all
:>                 files in the specified folder in a popup form.
:>
:> SniffHit   - A lightweight specialized HTTP/IRC sniffer designed to
:>              extract target communication data and present it in an
:>              easily viewable (and copy-able) interface.
:>
:> SocketTool - A graphical TCP Client designed to allow the user to easily
:>              send text or binary data to a server, probing for
:>              functionality.
:>
:> More information and source code are available in the bundled install
:> file.
:>
:> _______________________________________________
:> Dailydave mailing list
:> Dailydave () lists immunitysec com
:> https://lists.immunitysec.com/mailman/listinfo/dailydave
:>

--
Andrew R. Reiter
arr () watson org