Archive | Forensics

22 July 2010 | 13,043 views

Sagan – Real-time System & Event Log (syslog) Monitoring System

Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time! Sagan is a multi-threaded, real time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for detecting [...]

Continue Reading

09 July 2010 | 10,662 views

REMnux: A Linux Distribution For Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser. REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically [...]

Continue Reading

17 June 2010 | 30,028 views

raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks

raw2vmdk is an OS independent Java utility that allows you to mount raw disk images, like images created by “dd”, using VMware, VirtualBox or any other virtualization platform supporting the VMDK disk format. It could be an interesting tool for doing forensics examinations on compromised boxes when all you have is a dd dump of [...]

Continue Reading

04 May 2010 | 24,240 views

OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent. [...]

Continue Reading

09 April 2010 | 7,872 views

StreamArmor – Discover & Remove Alternate Data Streams (ADS)

StreamArmor is a tool for discovering hidden alternate data streams (ADS) and can also clean them completely from the system. It’s advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams. StreamArmor comes with fast multi threaded ADS scanner which can recursively [...]

Continue Reading

01 December 2009 | 17,517 views

Process Hacker v1.7 Released – Process Viewer & Memory Editor

Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Key Features Viewing, terminating, suspending and resuming processes. Restarting processes, creating dump files, detaching from any [...]

Continue Reading

20 October 2009 | 24,536 views

Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents. Features [...]

Continue Reading

15 October 2009 | 9,976 views

Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course). I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects [...]

Continue Reading

27 August 2009 | 6,788 views

Trafscrambler – Anti-sniffer/IDS Tool

Trafscrambler is an anti-sniffer/IDS LKM(Network Kernel Extension) for OSX, licensed under BSD. Features Injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences Userland binary(tsctrl) for controlling trafscrambler NKE SYN decoy – sends out number of SYN pkts before the original SYN pkt TCP reset attack – sends [...]

Continue Reading

14 August 2009 | 26,919 views

sslsniff v0.6 Released – SSL MITM Tool

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically [...]

Continue Reading