Archive | Forensics


18 August 2011 | 13,101 views

Collar Bomber Gets Owned By Word Metadata & USB Drive

There were other more technical and probably relevant stories to report on today, but for some reason I just found this story very odd and strangely fascinating. Now here a strange case, a man climbs into a young girls bedroom in the middle of the night, threatens her with a baseball bat and then chains [...]

Continue Reading


23 June 2011 | 6,832 views

ksymhunter – Routines For Hunting Down Kernel Symbols

Routines for hunting down kernel symbols from from kallsyms, System.map, vmlinux, vmlinuz, and remote symbol servers. Examples:

And..

You can download ksymhunter v1.0 here: ksymhunter.tar.gz Or read more here.

Continue Reading


30 May 2011 | 7,249 views

Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling

SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer). An Internet client running SniffJoke injects in the transmission flow some packets able to seriously disturb passive analysis [...]

Continue Reading


23 May 2011 | 10,077 views

Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool

Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware. This is a stepping release since for the first time the Dynamic Analysis has been included for file creations [...]

Continue Reading


11 May 2011 | 7,342 views

peepdf – Analyze & Modify PDF Files

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. [...]

Continue Reading


25 November 2010 | 13,165 views

BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep. There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that [...]

Continue Reading


15 November 2010 | 23,764 views

Katana v2 (y0jimb0) – Portable Multi-Boot Security Suite

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, [...]

Continue Reading


12 August 2010 | 7,246 views

BitBlaze – Binary Analysis Platform For Computer Security

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. However, binary analysis is challenging [...]

Continue Reading


03 August 2010 | 25,087 views

Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10 which is a Debian based distro. All references to Ubuntu have been removed as the author completely re-compiled the kernel, removed all Ubuntu specific software which would cause the ISO to bloat, and [...]

Continue Reading


26 July 2010 | 17,674 views

PlainSight – Open Source Computer Forensics LiveCD

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools such as RegRipper, Pasco, Mork, Foremost and many more. We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment. [...]

Continue Reading