Security Incidents mailing list archives

Tools to analyze "captured" binaries? -Reply

From: NSECURITY () TASC USDA GOV (Network Security)
Date: Thu, 20 Apr 2000 08:02:34 -0600


truss is your friend...there is also a good gnu debugger but the name
escapes me currently.
-- statik

Anton Chuvakin <achuvaki () IC SUNYSB EDU> 04/19/00 02:18pm

Hi there!

I just got a bunch of trojaned binaries (usual rootkit, I guess,
fingerd/ftp/login together with a sniffer) from my friend's box (hacked
via ADMROCKS, of course). What tools (apart from strings, ldd, file) I can
use to analyze those?

Thanks,

Current thread:

Re: I am popular today..., (continued)
- - - Re: I am popular today... Ryan Sweat (Apr 28)
    - Analysis: AboveNet attacks Robert Graham (Apr 28)
    - Re: I am popular today... Ville (Apr 29)
    - Lots netbios scans (udp 137) Russell Fulton (Apr 30)
    - High port UDP probe? Damian Gerow (Apr 25)
    - Re: High port UDP probe? Mark Rowe (Apr 26)
    - Lots of scan on port 9520 Erick Perez (Apr 25)
    - possible bind worm? Roelof Temmingh (Apr 25)
    - Re: Rooted through in.identd on Red Hat 6.0 Erich Meier (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Brett Glass (Apr 20)
    - Tools to analyze "captured" binaries? -Reply Network Security (Apr 20)
    - Re: Tools to analyze "captured" binaries? -Reply Ex Machina (Apr 22)
    - Port 137 scans on the rise Bryan Andersen (Apr 20)
    - Re: Port 137 scans on the rise horio shoichi (Apr 22)
- Re: CGI scans from Strauss.udel.edu -- They're back Network Security (Apr 17)

Security Incidents mailing list archives

Tools to analyze &quot;captured&quot; binaries? -Reply

Current thread:

Tools to analyze "captured" binaries? -Reply