Penetration Testing mailing list archives
Re: Analize Virus
From: "Jason Ross" <algorythm () gmail com>
Date: Wed, 1 Aug 2007 00:03:42 -0400
On 7/31/07, Rafa Richart <Rafa () ontinet com> wrote:
We're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some advice on what tools we have to use: tools to see what has been changing the registry, stat connections, etc.
I've found VMware Server (the free version) to be especially useful for this purpose.

I use "What Changed" (which is available from [among other places] http://majorgeeks.com/What_Changed_d5018.html ) to compare files and registry hives which have changed, and have had decent results with it. I have heard good things about the "Reg Shot" app ( http://majorgeeks.com/RegShot_d965.html ) but haven't used it myself.

Of course, Wireshark is essential (in my opinion), as are the various utilities previously offered from Sysinternals (now Microsoft)... in particular I find PsTools and TCPView to be very handy. The collection of these is at the TechNet site: http://www.microsoft.com/technet/sysinternals/default.mspx

You also may find it useful to have some form of disassembler/debugger. I am fond of OllyDbg for this purpose, which is available at http://www.ollydbg.de

It's probably worth noting that the craftier malware authors are beginning to check to see if they are running in a VMware environment. Accordingly it may be useful to take some countermeasures to that if possible. See http://isc.sans.org/diary.html?storyid=1871 for some information on this.

Regards,
--
Jason Ross
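The before/after comparison that What Changed and RegShot perform (snapshot the file system and registry on a clean VM, run the sample, snapshot again, diff) is shown below as an added example; it is not code from the original post or from either tool. The directory walk and diff run anywhere; the registry walk uses Python's `winreg` module and is only exercised on a Windows lab VM. The scratch tree, the file names (`svch0st.exe`, `victim.doc`, a `hosts` file) and the hosts entry in `demo()` are constructed sample data, not a real sample's behaviour.

```python
"""Before/after snapshot diff, the core of RegShot-style behaviour analysis."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from typing import Dict, Tuple

# key (relative file path or registry value) -> sha256 hex digest / repr(data)
Snapshot = Dict[str, str]


def hash_file(path: str, chunk: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot_tree(root: str) -> Snapshot:
    """Map every file under root (relative, '/'-separated) to its hash."""
    snap: Snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                snap[rel] = hash_file(full)
            except OSError:
                # Locked or vanished mid-walk: common while a sample is running.
                snap[rel] = "<unreadable>"
    return snap


def snapshot_registry(hive: int, path: str, depth: int = 0, max_depth: int = 8) -> Snapshot:
    """Windows only (winreg): map 'key\\value' -> repr(data) for the subtree hive\\path."""
    snap: Snapshot = {}
    try:
        import winreg
    except ImportError:
        return snap  # not Windows: registry part is skipped
    try:
        key = winreg.OpenKey(hive, path, 0, winreg.KEY_READ)
    except OSError:
        return snap  # key missing or access denied
    with key:
        n_sub, n_val, _mtime = winreg.QueryInfoKey(key)
        for i in range(n_val):
            name, data, _type = winreg.EnumValue(key, i)
            snap[f"{path}\\{name or '(Default)'}"] = repr(data)
        if depth < max_depth:  # bound recursion on deep or self-referencing trees
            for i in range(n_sub):
                sub = winreg.EnumKey(key, i)
                snap.update(snapshot_registry(hive, f"{path}\\{sub}", depth + 1, max_depth))
    return snap


@dataclass
class Diff:
    added: Dict[str, str] = field(default_factory=dict)
    removed: Dict[str, str] = field(default_factory=dict)
    modified: Dict[str, Tuple[str, str]] = field(default_factory=dict)


def diff_snapshots(before: Snapshot, after: Snapshot) -> Diff:
    """What the sample created, deleted and changed between the two snapshots."""
    d = Diff()
    for k, v in after.items():
        if k not in before:
            d.added[k] = v
        elif before[k] != v:
            d.modified[k] = (before[k], v)
    for k, v in before.items():
        if k not in after:
            d.removed[k] = v
    return d


def report(d: Diff) -> str:
    """One line per change: + added, - removed, ~ modified."""
    lines = [f"+ {k}" for k in sorted(d.added)]
    lines += [f"- {k}" for k in sorted(d.removed)]
    lines += [f"~ {k}" for k in sorted(d.modified)]
    return "\n".join(lines)


def demo() -> Diff:
    """Constructed scenario in a scratch directory; no real sample is run."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "System32"))
        with open(os.path.join(root, "System32", "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "victim.doc"), "w") as f:
            f.write("quarterly report\n")
        before = snapshot_tree(root)
        # "Run the sample": it drops a binary, rewrites hosts and deletes a document.
        with open(os.path.join(root, "System32", "svch0st.exe"), "wb") as f:
            f.write(b"MZ" + b"\x90" * 64)
        with open(os.path.join(root, "System32", "hosts"), "a") as f:
            f.write("127.0.0.1 updates.example.com\n")
        os.remove(os.path.join(root, "victim.doc"))
        after = snapshot_tree(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(report(demo()))
    # On a Windows VM, take the registry snapshots the same way, e.g. with
    # winreg.HKEY_LOCAL_MACHINE and r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    # before and after running the sample, and pass both to diff_snapshots().
```

Take the "before" snapshot from a clean VM snapshot and the "after" one as soon as the sample has finished its first stage; a file recorded as `<unreadable>` in only one snapshot is itself a finding (the sample held it open or removed it mid-walk). This covers file and registry changes only; connections are still best watched with Wireshark and TCPView as the post says.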
Current thread:
- Re: Analize Virus 杨峰 (Aug 01)
- Re: Analize Virus Paul Halliday (Aug 03)
- <Possible follow-ups>
- Re: Analize Virus Jason Ross (Aug 01)
- Re: Analize Virus Robert McArdle (Aug 01)
- Re: Analize Virus Colin Copley (Aug 01)
- RE: Analize Virus Matt Steer (Aug 03)
- Re: Analize Virus lists73 (Aug 03)
- Re: Analize Virus Andre' - SemperSecurus (Aug 03)
- Re[2]: Analize Virus Rafa Richart (Aug 03)
- Re: Re: Analize Virus ebk_lists (Aug 03)