Penetration Testing mailing list archives

Re[2]: Analize Virus


From: Rafa Richart <Rafa () ontinet com>
Date: Fri, 3 Aug 2007 13:59:52 +0200


Thanks very much to all the people who have answered my question; now I have a lot of information.


Best regards

Thursday, 02 August 2007
at 17:39, wrote:

AS> My $.02

AS> For static or code analysis, I use IDAPro or Ollydbg as well as good
AS> old 'strings' and 'objdump', I've also been starting to play with PE
AS> Explorer lately.

AS> For dynamic studies, I'll run wireshark on my host system and use a
AS> combo of Winalysis, Process Explorer, filemon, and fport. Lately, I've
AS> been kicking SysAnalyzer around a bit.

AS> Keep in mind, more and more malware is becoming VMWare aware, so a
AS> hardware solution such as a CoreRestore card might be a good
AS> investment.

AS> In general:

AS> Behavioral Analysis:
AS> Wireshark
AS> Process Monitor
AS> Process Explorer
AS> FileMon
AS> RegMon
AS> TCPView
AS> Winalysis
AS> SysAnalyzer
AS> Snort
AS> tcpdump

AS> Static Analysis:
AS> AV Scanners
AS> IDA Pro
AS> Ollydbg
AS> strings
AS> Various unpackers
AS> PE Explorer
AS> LordPE
AS> Google

AS> HTH



AS> On 7/31/07, Rafa Richart <Rafa () ontinet com> wrote:

Hi Pals,

We're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some
advice on what tools we have to use: tools to see what has been changing in the registry, connection stats, etc...

Any help is welcome.

Thanks in advance

Rafa



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

-- 
Regards,
Technical Department
Ontinet.com, S.L.
http://www.protegerse.com
----------------------------------------------------------------------------
Security news, virus data, alerts, hoaxes
Visit our encyclopedia: http://www.enciclopediavirus.com
----------------------------------------------------------------------------

***
Message written with The Bat! version 3.95.8
Dated Friday, 03 August 2007 at 13:55

