56 results tagged
analysis
✕
Malpedia is a free service offered by Fraunhofer FKIE.
Administration is lead by Daniel Plohmann and Steffen Enders.
Mission Statement
The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.
Please respect the Terms of Service.
Also, please be aware that not all content on Malpedia is publicly available.
More specifically, you will need an account to access all data (malware samples, non-public YARA rules, ...).
In this regard, Malpedia is operated as an invite-only trust group.
Administration is lead by Daniel Plohmann and Steffen Enders.
Mission Statement
The primary goal of Malpedia is to provide a resource for rapid identification and actionable context when investigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to foster meaningful and reproducible research.
Please respect the Terms of Service.
Also, please be aware that not all content on Malpedia is publicly available.
More specifically, you will need an account to access all data (malware samples, non-public YARA rules, ...).
In this regard, Malpedia is operated as an invite-only trust group.
MyPcapAnalyzer is a service that analyzes pcap files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by Intrution Detection Engines and other rulesets.
The NetSA Security Suite network sensing architecture is comprised of four major subsystems described below: sensor, collector, analysis, and alerting. These subsystems interconnect in order to collect, process, store, and analyze network communications.
MQTT Explorer is a comprehensive MQTT client that provides a structured overview of your MQTT topics and makes working with devices/services on your broker dead-simple.
The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data. These tools have grown out of the work of the AirCERT project, the SiLK project and the effort to integrate this work into a unified, standards-compliant flow collection and analysis platform.
If you are new to the NetSA Security Suite, start with this overview of the components that comprise the NetSA Security Suite and their inter-operation.
CERT is a part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University.
If you are new to the NetSA Security Suite, start with this overview of the components that comprise the NetSA Security Suite and their inter-operation.
CERT is a part of the Software Engineering Institute (SEI), a federally funded research and development center (FFRDC) operated by Carnegie Mellon University.
This is a nice question.
As a matter of fact, tcpdump is the first software found after the wire (and the NIC, if you will) on the way IN, and the last one on the way OUT.
Wire -> NIC -> tcpdump -> netfilter/iptables
iptables -> tcpdump -> NIC -> Wire
Thus it sees all packets reaching your interface, and all packets leaving your interface. Since packets to port 53 do not get a reply, as seen by tcpdump, you have successfully verified that your iptables rules have been correctly configured.
EDIT
Perhaps I should add a few details. tcpdump is based on libpcap, a library which creates a packet socket. When a regular packet is received in the network stack, the kernel first checks to see whether there is a packet socket interested in the newly arrived packet and, if there is one, it forwards the packet to that packet socket. If the option ETH_P_ALL is chosen, then all protocols go thru the packet socket.
libpcap implements one such packet socket with the option activated, keeps a copy for its own use, and duplicates the packet back onto the network stack, where it is processed by the kernel in the usual way, including passing it first to netfilter, the kernel-space counterpart of iptables. Same thing, in reverse order (i.e., first netfilter then last the passage thru the packet socket), on the way out.
Is this prone to hacking? But of course. There are certainly proof-of-concept rootkits using libpcap to intercept communications destined to the rootkit before the firewall can lay its hand on them. But even this pales in comparison with the fact that a simple Google query unearths working code hiding traffic even from libpcap. Still, most professionals think the advantages vastly outweigh the disadvantages, in debugging network packet filters.
As a matter of fact, tcpdump is the first software found after the wire (and the NIC, if you will) on the way IN, and the last one on the way OUT.
Wire -> NIC -> tcpdump -> netfilter/iptables
iptables -> tcpdump -> NIC -> Wire
Thus it sees all packets reaching your interface, and all packets leaving your interface. Since packets to port 53 do not get a reply, as seen by tcpdump, you have successfully verified that your iptables rules have been correctly configured.
EDIT
Perhaps I should add a few details. tcpdump is based on libpcap, a library which creates a packet socket. When a regular packet is received in the network stack, the kernel first checks to see whether there is a packet socket interested in the newly arrived packet and, if there is one, it forwards the packet to that packet socket. If the option ETH_P_ALL is chosen, then all protocols go thru the packet socket.
libpcap implements one such packet socket with the option activated, keeps a copy for its own use, and duplicates the packet back onto the network stack, where it is processed by the kernel in the usual way, including passing it first to netfilter, the kernel-space counterpart of iptables. Same thing, in reverse order (i.e., first netfilter then last the passage thru the packet socket), on the way out.
Is this prone to hacking? But of course. There are certainly proof-of-concept rootkits using libpcap to intercept communications destined to the rootkit before the firewall can lay its hand on them. But even this pales in comparison with the fact that a simple Google query unearths working code hiding traffic even from libpcap. Still, most professionals think the advantages vastly outweigh the disadvantages, in debugging network packet filters.
The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.
JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.
JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all.
JD-Core is a library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI and JD-Eclipse include JD-Core library.
JD-Core, JD-GUI & JD-Eclipse are open source projects released under the GPLv3 License.
JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.
JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all.
JD-Core is a library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI and JD-Eclipse include JD-Core library.
JD-Core, JD-GUI & JD-Eclipse are open source projects released under the GPLv3 License.
Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with a standard ASCII strings or grep programs. So we decided to roll our own. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters. Note that it works under Windows 95 as well.
glogg is a multi-platform GUI application to browse and search through long or complex log files. It is designed with programmers and system administrators in mind. glogg can be seen as a graphical, interactive combination of grep and less.
Hey there!
If you have been searching for a place to get started with
Reverse Engineering and get your hands dirty - you are in the right place :)
If you have been searching for a place to get started with
Reverse Engineering and get your hands dirty - you are in the right place :)
Joe Sandbox detects and analyzes potential malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports. This website gives you access to the Community Edition of Joe Sandbox Cloud. It allows you to run a maximum of 30 analyses / month, 3 analyses / day on Windows, Linux and Android with limited analysis output.
Robtex uses various sources to gather public information about IP numbers, domain names, host names, Autonomous systems, routes etc. It then indexes the data in a big database and provide free access to the data.
We aim to make the fastest and most comprehensive free DNS lookup tool on the Internet.
Our database now contains billions of documents of internet data collected over more than a decade.
We aim to make the fastest and most comprehensive free DNS lookup tool on the Internet.
Our database now contains billions of documents of internet data collected over more than a decade.
Ce meetup a pour objectif de vous montrer en direct comment capturer et analyser vos premiers malwares, de la mise en place d'un pot de miel (honeypot) jusqu'à l'identification du serveur de contrôle.
Support and Recovery Assistant is a new tool that helps users troubleshoot and fix issues with various Office 365 apps and services. The app diagnoses common Outlook issues like account setup, connectivity issues, password issues, or Outlook stops responding or crashes. To identify the root cause of these issues, the app runs checks such as:
Checks licenses
Verifying users’ credentials and that Office 365 servers are reachable
Checks for updates to Outlook clients
Checks authentication
Network checks
Protocol checks
Depending on the test results, the tool can offer to automatically fix problems for users or provide instruction on recommended solutions. All the diagnostics results are saved in a log file for users to share with their Office 365 admin or support engineers for further investigation.
Checks licenses
Verifying users’ credentials and that Office 365 servers are reachable
Checks for updates to Outlook clients
Checks authentication
Network checks
Protocol checks
Depending on the test results, the tool can offer to automatically fix problems for users or provide instruction on recommended solutions. All the diagnostics results are saved in a log file for users to share with their Office 365 admin or support engineers for further investigation.
VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code.
Free Website Malware and Security Scanner:
Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.
Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.
File Analyzer detects and analyses potential malicious executables such as:
.exe (Executables, GUI, CUI, and all variants like PIF, SCR, CPL etc)
.dll (Dynamic Link Libraries)
.vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM etc)
.any (Available in Pro Version)
File Analyzer is based on Joe Sandbox Desktop which performs deep malware analysis. Compared to others Joe Sandbox performs static, dynamic, graph and hybrid analysis to get the most in-depth analysis possible. The captured behavior is rated and classified by one of the biggest behavior signature sets.
What about evasive malware? Joe Sandbox Desktop is the only solution which uses novel graph based algorithms to detect and spot evasive behavior. Checkout the behavior and execution graphs in the reports. To leave malware no choice for VM detection Joe Sandbox Desktop enables to analyze on bare-metal machines (e.g. on a Laptop or PC from your environment).
.exe (Executables, GUI, CUI, and all variants like PIF, SCR, CPL etc)
.dll (Dynamic Link Libraries)
.vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM etc)
.any (Available in Pro Version)
File Analyzer is based on Joe Sandbox Desktop which performs deep malware analysis. Compared to others Joe Sandbox performs static, dynamic, graph and hybrid analysis to get the most in-depth analysis possible. The captured behavior is rated and classified by one of the biggest behavior signature sets.
What about evasive malware? Joe Sandbox Desktop is the only solution which uses novel graph based algorithms to detect and spot evasive behavior. Checkout the behavior and execution graphs in the reports. To leave malware no choice for VM detection Joe Sandbox Desktop enables to analyze on bare-metal machines (e.g. on a Laptop or PC from your environment).
Malware Analysis Reports: Latest behavior analysis reports generated by Joe Sandbox
Check out our latest Analysis Reports of Evasive Malware
Windows
Android
Mac
iOS
Check out our latest Analysis Reports of Evasive Malware
Windows
Android
Mac
iOS
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.