Archive | Countermeasures


13 July 2011 | 10,854 views

French Company Intego Release First iPhone Malware Scanner

This is quite an interesting story as it’s very closely related to the story we published earlier this week – Malicious PDF Files To Exploit iPhone & iPad Zero Day In The Wild. Hot on the tail of that news is the first-ever malware scanning app for iOS devices (iPhone/iPad etc) from a French security [...]

Continue Reading


23 June 2011 | 6,831 views

ksymhunter – Routines For Hunting Down Kernel Symbols

Routines for hunting down kernel symbols from from kallsyms, System.map, vmlinux, vmlinuz, and remote symbol servers. Examples:

And..

You can download ksymhunter v1.0 here: ksymhunter.tar.gz Or read more here.

Continue Reading


01 June 2011 | 7,397 views

Microsoft Enhanced Mitigation Evaluation Toolkit (EMET)

The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the [...]

Continue Reading


23 May 2011 | 10,031 views

Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool

Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware. This is a stepping release since for the first time the Dynamic Analysis has been included for file creations [...]

Continue Reading


16 May 2011 | 8,204 views

pytbull – Intrusion Detection/Prevention System (IDS/IPS) Testing Framework

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped in [...]

Continue Reading


05 May 2011 | 8,279 views

ArpON v2.2 Released – Tool To Detect & Block ARP Spoofing

ArpON (ARP handler inspection) is a portable handler daemon that make ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It detects and blocks also derived attacks by it for more complex attacks, as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks. [...]

Continue Reading


13 April 2011 | 6,934 views

Microsoft Unleashes Record Breaking Patch Tuesday – April 2011

We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program. That’s a good thing because it’s had some horribly effective vulnerabilities revealed lately. It managed to package up a massive bundle of patches for 64 vulnerabilities [...]

Continue Reading


06 April 2011 | 6,506 views

Google Chrome To Protect Users Against Malicious Executables

It looks like Google Chrome is stepping up to provide users with the most secure browsing experience. The browser has been built with security in mind since the beginning with it’s sandbox model and it escaped exploitation during the recent Pwn2Own contest. Now they are infringing on the area of anti-virus vendors and stepping up [...]

Continue Reading


22 March 2011 | 9,996 views

Smooth-Sec – All In One Pre-Configured IDS/IPS System

Smooth-Sec is a ready to-go IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on the multi threaded Suricata IDS/IPS engine and Snorby, the top notch web application for network security monitoring. Smooth-Sec is built on Ubuntu 10.04 LTS using the TurnKey Core base as development platform. Functionality is the key point that allows a user to [...]

Continue Reading


11 March 2011 | 7,285 views

Agnitio v1.2 – Manual Security Code Review Tool

Agnitio is a tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. v1.2 of Agnitio includes a new application metrics section to give better visibility of the [...]

Continue Reading