Archive | Forensics


20 September 2011 | 13,464 views

NetworkMiner v1.1 Released – Windows Packet Analyzer & Sniffer

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates […]

Continue Reading


18 August 2011 | 13,107 views

Collar Bomber Gets Owned By Word Metadata & USB Drive

There were other more technical and probably relevant stories to report on today, but for some reason I just found this story very odd and strangely fascinating. Now here a strange case, a man climbs into a young girls bedroom in the middle of the night, threatens her with a baseball bat and then chains […]

Continue Reading


23 June 2011 | 6,837 views

ksymhunter – Routines For Hunting Down Kernel Symbols

Routines for hunting down kernel symbols from from kallsyms, System.map, vmlinux, vmlinuz, and remote symbol servers. Examples:

And..

You can download ksymhunter v1.0 here: ksymhunter.tar.gz Or read more here.

Continue Reading


30 May 2011 | 7,261 views

Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling

SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer). An Internet client running SniffJoke injects in the transmission flow some packets able to seriously disturb passive analysis […]

Continue Reading


23 May 2011 | 10,190 views

Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool

Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware. This is a stepping release since for the first time the Dynamic Analysis has been included for file creations […]

Continue Reading


11 May 2011 | 7,534 views

peepdf – Analyze & Modify PDF Files

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. […]

Continue Reading


25 November 2010 | 13,186 views

BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep. There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that […]

Continue Reading


15 November 2010 | 23,996 views

Katana v2 (y0jimb0) – Portable Multi-Boot Security Suite

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, […]

Continue Reading


12 August 2010 | 7,251 views

BitBlaze – Binary Analysis Platform For Computer Security

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. However, binary analysis is challenging […]

Continue Reading


03 August 2010 | 25,247 views

Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and […]

Continue Reading