Penetration Testing mailing list archives
RE: Analize Virus
From: "Matt Steer" <Matt.Steer () marstons co uk>
Date: Thu, 2 Aug 2007 11:18:08 +0100
Rafa,

I find the Malcode Analyst pack from www.sandsprite.com useful when I'm performing analysis.

Regards,
Matt Steer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Colin Copley
Sent: 01 August 2007 17:24
To: Rafa Richart
Cc: pen-test () securityfocus com
Subject: Re: Analize Virus

From: "Rafa Richart" <Rafa () ontinet com>
To: <pen-test () securityfocus com>
Sent: Tuesday, July 31, 2007 6:28 PM
Subject: Analize Virus

> we're looking for some tools to analyze the Malware behavior, we've a Lab
> under construction, but we need some advice on what tools we've to use.
> tools to see what has been changing the registry, stat connections etc...

Hi

You might want to try one of the malware/virus lists as well, but here's some apps you'll probably find useful:

A virtual machine environment:-
  MS Virtual Machine and/or VMware

Dynamic analysis:-
  Regmon & Filemon, from Sysinternals, now at MS Technet
  (Strings, Process Explorer, Autoruns, & Rootkit Revealer are also useful to have handy, also from Sysinternals)

Simple DOS scripts can help to create your baselines before running a virus.

You'll also need a selection of unpackers, decompilers, debuggers, disassemblers and hex editors. I've found these useful:

  PEid
  MewUnpacker
  Hexplorer / Hiew
  Softice
  IDA
  w32dasm

Just google for links, but handle the unpackers with care, some are trojans.

Kind Regards
Colin
Current thread:
- Re: Analize Virus 杨峰 (Aug 01)
- Re: Analize Virus Paul Halliday (Aug 03)
- <Possible follow-ups>
- Re: Analize Virus Jason Ross (Aug 01)
- Re: Analize Virus Robert McArdle (Aug 01)
- Re: Analize Virus Colin Copley (Aug 01)
- RE: Analize Virus Matt Steer (Aug 03)
- Re: Analize Virus lists73 (Aug 03)
- Re: Analize Virus Andre' - SemperSecurus (Aug 03)
- Re[2]: Analize Virus Rafa Richart (Aug 03)
- Re: Re: Analize Virus ebk_lists (Aug 03)