Penetration Testing mailing list archives
Re: Analize Virus
From: "Andre' - SemperSecurus" <sempersecurus () gmail com>
Date: Thu, 2 Aug 2007 11:39:38 -0400
My $.02:

For static or code analysis, I use IDA Pro or OllyDbg, as well as good old 'strings' and 'objdump'. I've also been starting to play with PE Explorer lately. For dynamic studies, I'll run Wireshark on my host system and use a combo of Winalysis, Process Explorer, FileMon, and fport. Lately, I've been kicking SysAnalyzer around a bit.

Keep in mind, more and more malware is becoming VMware aware, so a hardware solution such as a CoreRestore card might be a good investment.

In general:

Behavioral Analysis:
- Wireshark
- Process Monitor
- Process Explorer
- FileMon
- RegMon
- TCPView
- Winalysis
- SysAnalyzer
- Snort
- tcpdump

Static Analysis:
- AV Scanners
- IDA Pro
- OllyDbg
- strings
- Various unpackers
- PE Explorer
- LordPE
- Google

HTH

On 7/31/07, Rafa Richart <Rafa () ontinet com> wrote:
Hi Pals,

We're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some advice on what tools we have to use: tools to see what has been changing in the registry, connection status, etc.

Any help is welcome.

Thanks in advance,
Rafa
--
Andre' M. Di Mino - SemperSecurus
The Shadowserver Foundation
http://www.shadowserver.org
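As an added example (not code from the post above, and not one of the tools it lists), the following Python script does the 'strings'-style first pass described for static analysis and tags what it finds: it pulls printable ASCII and UTF-16LE runs out of a byte blob, then groups the hits by what they suggest (hypervisor checks, anti-debugging, persistence keys, network use, process injection). The sample bytes and the indicator lists are constructed assumptions for illustration, not a real sample or a vetted signature set.

```python
"""Quick static triage of a suspect binary, in the spirit of 'strings'.

Added example; it is not from the mailing-list post and not any of the tools
listed there. SAMPLE is constructed for illustration, and INDICATORS is an
illustrative assumption rather than a vetted signature set.
"""
import re
from collections import defaultdict

MIN_LEN = 5  # minimum run length to report (GNU strings defaults to 4)

# Illustrative indicator regexes grouped by what a hit suggests (assumption:
# a real triage set would be far larger and tuned against false positives).
INDICATORS = {
    "vm-aware":    [r"vmware", r"vbox", r"virtualbox", r"qemu", r"vmtoolsd"],
    "anti-debug":  [r"IsDebuggerPresent", r"CheckRemoteDebuggerPresent",
                    r"NtQueryInformationProcess"],
    "persistence": [r"CurrentVersion\\Run", r"RunOnce", r"Winlogon\\Shell"],
    "network":     [r"https?://", r"InternetOpen", r"URLDownloadToFile", r"WSAStartup"],
    "injection":   [r"WriteProcessMemory", r"CreateRemoteThread", r"VirtualAllocEx"],
}


def extract_strings(data, min_len=MIN_LEN):
    """Return [(offset, kind, text)] for every printable run of >= min_len chars.

    Two passes: plain ASCII runs, and UTF-16LE runs (how Windows PE files
    usually store resource strings, registry paths and wide-char API arguments),
    which plain 'strings' misses unless told to look for them.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def classify(found, indicators=INDICATORS):
    """Group extracted strings by indicator category; unmatched strings are dropped."""
    hits = defaultdict(list)
    for offset, _kind, text in found:
        for category, patterns in indicators.items():
            if any(re.search(p, text, re.IGNORECASE) for p in patterns):
                hits[category].append((offset, text))
    return dict(hits)


def triage(data, indicators=INDICATORS):
    """Run both passes and return a small report dict."""
    found = extract_strings(data)
    hits = classify(found, indicators)
    return {
        "string_count": len(found),
        "hits": hits,
        # A hypervisor check means a run inside a VM may show a different
        # (or no) payload, so the behavioral pass may need bare metal.
        "vm_aware": "vm-aware" in hits,
    }


# Constructed stand-in for a suspect PE (assumption; not a real sample).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\r\n"
    + b"kernel32.dll\x00IsDebuggerPresent\x00WriteProcessMemory\x00"
    + b"\x01\x02\x03"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le") + b"\x00\x00"
    + b"http://c2.example.invalid/gate.php\x00"
    + b"VMware Virtual Platform\x00"
    + b"\xff\xfe\x00ab\x00"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{report['string_count']} strings, vm_aware={report['vm_aware']}")
    for category, items in sorted(report["hits"].items()):
        for offset, text in items:
            print(f"  [{category}] 0x{offset:04x}: {text}")
```

A "vm-aware" hit is the static counterpart of the caveat in the post: if the sample looks for VMware artifacts, a behavioral run on a VM may never reach the real payload, which is the case for bare metal with a restore card. Hits here are leads for the IDA Pro/OllyDbg pass, not a verdict, and a packed sample will show almost nothing until it has been unpacked.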
Current thread:
- Re: Analize Virus 杨峰 (Aug 01)
- Re: Analize Virus Paul Halliday (Aug 03)
- <Possible follow-ups>
- Re: Analize Virus Jason Ross (Aug 01)
- Re: Analize Virus Robert McArdle (Aug 01)
- Re: Analize Virus Colin Copley (Aug 01)
- RE: Analize Virus Matt Steer (Aug 03)
- Re: Analize Virus lists73 (Aug 03)
- Re: Analize Virus Andre' - SemperSecurus (Aug 03)
- Re[2]: Analize Virus Rafa Richart (Aug 03)
- Re: Re: Analize Virus ebk_lists (Aug 03)