Security Incidents mailing list archives
Tools to analyze "captured" binaries? -Reply
From: NSECURITY () TASC USDA GOV (Network Security)
Date: Thu, 20 Apr 2000 08:02:34 -0600
truss is your friend...there is also a good gnu debugger but the name escapes me currently. -- statik
Anton Chuvakin <achuvaki () IC SUNYSB EDU> 04/19/00 02:18pm
Hi there! I just got a bunch of trojaned binaries (usual rootkit, I guess, fingerd/ftp/login together with a sniffer) from my friend's box (hacked via ADMROCKS, of course). What tools (apart from strings, ldd, file) I can use to analyze those? Thanks,
Current thread:
- Re: I am popular today..., (continued)
- Re: I am popular today... Ryan Sweat (Apr 28)
- Analysis: AboveNet attacks Robert Graham (Apr 28)
- Re: I am popular today... Ville (Apr 29)
- Lots netbios scans (udp 137) Russell Fulton (Apr 30)
- High port UDP probe? Damian Gerow (Apr 25)
- Re: High port UDP probe? Mark Rowe (Apr 26)
- Lots of scan on port 9520 Erick Perez (Apr 25)
- possible bind worm? Roelof Temmingh (Apr 25)
- Re: Rooted through in.identd on Red Hat 6.0 Erich Meier (Apr 20)
- Re: Rooted through in.identd on Red Hat 6.0 Brett Glass (Apr 20)
- Tools to analyze "captured" binaries? -Reply Network Security (Apr 20)
- Re: Tools to analyze "captured" binaries? -Reply Ex Machina (Apr 22)
- Port 137 scans on the rise Bryan Andersen (Apr 20)
- Re: Port 137 scans on the rise horio shoichi (Apr 22)