Search Results for “Analysis” – Page 5

Reverse Engineering

Nov 23, 2017

PortEx – Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness

PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table Reading standard section formats: Import Section, […]

root

Malware

Nov 21, 2017

EMOTET Malware Hijacking the Windows API & Evade the Sandbox Analysis

A wide Spread EMOTET malware emerging again with new stealthy capabilities to hijack the Windows API and evade the sandbox detection which also gives more pain for Malware analysis. Previous future called RunPE that is used for hiding malware into the Legitimate process to evade the security scanners and inject its code into windows executable process. In […]

root

Incidents

Nov 16, 2017

New EMOTET Hijacks a Windows API, Evades Sandbox and Analysis

We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTET has a new iteration (detected as TSPY_EMOTET.SMD10) with a few changes in its usual behavior and new routines that allow it to elude sandbox and […]

root

Vulnerability Analysis

Nov 16, 2017

Fake Sandbox Processes (FSP) – Tool to simulate fake processes of analysis sandbox/VM software

This small script will simulate fake processes of analysis, sandbox and/or VM software that some malware will try to avoid. You can download the original script (made by @x0rz ) in the orig directory. You can also download my slightly optimized script in the main directory. The file is named fsp.ps1. Script-Features Some (good) spyware […]

root

Vulnerability Analysis

Nov 12, 2017

Dex-Oracle – A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis

A pattern based Dalvik deobfuscator which uses limited execution to improve semantic analysis. Also, the inspiration for another Android deobfuscator: Simplify. Before After sha1: a68d5d2da7550d35f7dbefc21b7deebe3f4005f3md5: 2dd2eeeda08ac8c15be8a9f2d01adbe8 Installation Step 1. Install Smali / Baksmali Since you’re an elite Android reverser, I’m sure you already have Smali and Baksmali on your path. If for some strange reason […]

root

Pentest

Nov 08, 2017

Parrot Security OS New Released with a Collection of tools for Penetration Testing and Forensic Analysis

Parrot Security Operating System is a Penetration Testing & Forensics Distro dedicated to Ethical Hackers & Cyber Security Professionals. With the new release 3.9, it includes some important new features to make the system more secure and reliable.By default, it includes TOR, I2P, anonsurf, gpg, tccf, zulucrypt, veracrypt, truecrypt, luks and many other methods to […]

root

System Administration

Oct 29, 2017

Assemblyline – Distributed File Analysis Framework

Assemblyline is a scalable distributed file analysis framework. It is designed to process millions of files per day but can also be installed on a single box. Canada’s electronic spy agency says it is taking the “unprecedented step” of releasing one of its own cyber defence tools to the public, in a bid to help companies and […]

root

Malware

Oct 21, 2017

Assemblyline – Canada’s CSE intelligence Agency releases its malware analysis tool

Canada’s Communications Security Establishment (CSE) intel agency has released the source code for one of its malware analysis tools dubbed Assemblyline. The Canada’s Communications Security Establishment (CSE) intelligence agency has released the source code for one of its malware detection and analysis tools dubbed Assemblyline. The Assemblyline tool is written in Python and was developed under the CSE’s […]

root

Network Tools

Oct 12, 2017

psad – Intrusion Detection and Log Analysis with iptables

The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert […]

root

Binary Analysis

Sep 20, 2017

Pharos – Static Binary Analysis Framework

The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National Laboratory for disassembly, control flow analysis, instruction semantics, and more. The current distribution in […]

root

Malware

Sep 18, 2017

CSE CybSec ZLAB Malware Analysis Report: NotPetya

I’m proud to share with you the first report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report NotPetya. As most of you already know I have officially presented my new Co a couple of months ago, CybSec Enterprise is its name and we already started to work on strategic projects […]

root

Computer Forensics

Sep 14, 2017

Xplico – Network Forensic Analysis Tool

Xplico is an open source network forensic analysis tool that supports HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, Facebook, MSN, RTP, IRC, and Paltalk protocols. The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), […]

root

Hackers Repository

Sep 04, 2017

Droid-Hunter – Android application vulnerability analysis and Android pentest tool

Android application vulnerability analysis and Android pentest tool .—. .———– / __ / —— / / ( )/ —– ╔╦╗╦═╗╔═╗╦╔╦╗ ╦ ╦╦ ╦╔╗╔╔╦╗╔═╗╦═╗ ////// ‘ / ` — ║║╠╦╝║ ║║ ║║───╠═╣║ ║║║║ ║ ║╣ ╠╦╝ //// / // : : — ═╩╝╩╚═╚═╝╩═╩╝ ╩ ╩╚═╝╝╚╝ ╩ ╚═╝╩╚═ // / / /` ‘– By HaHwul // //..\ […]

root

Hackers Repository

Sep 04, 2017

Droid-Hunter – Android application vulnerability analysis and Android pentest tool

Android application vulnerability analysis and Android pentest tool .—. .———– / __ / —— / / ( )/ —– ╔╦╗╦═╗╔═╗╦╔╦╗ ╦ ╦╦ ╦╔╗╔╔╦╗╔═╗╦═╗ ////// ‘ / ` — ║║╠╦╝║ ║║ ║║───╠═╣║ ║║║║ ║ ║╣ ╠╦╝ //// / // : : — ═╩╝╩╚═╚═╝╩═╩╝ ╩ ╩╚═╝╝╚╝ ╩ ╚═╝╩╚═ // / / /` ‘– By HaHwul // //..\ […]

root

Computer Forensics

Sep 04, 2017

FoxAnalysis – Firefox Internet History Analysis Tool

FoxAnalysis is a forensic software tool for extracting and analyzing internet history from the Firefox web browser. Many types of data can be analyzed including website visits, downloads, form entries, saved logins and cached files. Features Extracted Data Types: Extracted data includes bookmarks, cookies, downloads, favicons, form entries, logins, saved sessions and website visits. Web History […]

root

Malware Analysis

Jul 26, 2017

FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response & penetration testing

FLARE VM is the first of its kind freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, […]

root

Malware

Jul 24, 2017

MACOS FRUITFLY BACKDOOR ANALYSIS RENDERS NEW SPYING CAPABILITIES

LAS VEGAS—The FruitFly backdoor became a known entity in January, but it’s a good bet that for years it had been in the wild, undetected by analysts and security software. The macOS and OS X malware has a number of insidious spying capabilities that would make anyone uneasy, and a variant recently analyzed by Synack […]

root

Vulnerabilities

Jul 22, 2017

EnglishmansDentist Exploit Analysis

Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on the exploit named EnglishmansDentist designed to target Exchange Server 2003. EnglishmansDentist targets Exchange 2003 […]

root

Malware Analysis

May 31, 2017

Malware Analysis Tools and Cheat list

A large number of computer intrusions involve some form of malicious software (malware), which finds its way to the victim’s workstation or to a server. When investigating the incident, the IT responder typically seeks to answer questions such as: What actions can the malware specimen perform on the system? How does it spread? How, if […]

root

Vulnerabilities

May 12, 2017

OnePlus OTAs: Analysis & Exploitation

In this blog post we present new trivial vulnerabilities found on OnePlus One/X/2/3/3T OxygenOS & HydrogenOS. They affect the latest versions (4.1.3/3.0) and below. The vulnerabilities allow for a Man-in-the-Middle (MitM) attacker to intervene in the OTA update process in order downgrade OxygenOS/HydrogenOS to older versions and even to replace OxygenOS with HydrogenOS (and vice […]

root

Malware

Apr 22, 2017

DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis

One week ago today, the Shadow Brokers (an unknown hacking entity) leaked the Equation Group’s (NSA) FuzzBunch software, an exploitation framework similar to Metasploit. In the framework were several unauthenticated, remote exploits for Windows (such as the exploits codenamed EternalBlue, EternalRomance, and EternalSynergy). Many of the vulnerabilities that are exploited were fixed in MS17-010, perhaps […]

root