Archive | Forensics


09 April 2010 | 7,932 views

StreamArmor – Discover & Remove Alternate Data Streams (ADS)

StreamArmor is a tool for discovering hidden alternate data streams (ADS) and can also clean them completely from the system. Its advanced auto-analysis, coupled with an online threat verification mechanism, makes it the best tool available in the market for eradicating the evil streams. StreamArmor comes with a fast multi-threaded ADS scanner which can recursively […]


01 December 2009 | 19,562 views

Process Hacker v1.7 Released – Process Viewer & Memory Editor

Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Key features: viewing, terminating, suspending and resuming processes; restarting processes, creating dump files, detaching from any […]


20 October 2009 | 24,808 views

Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. It can also be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents. Features […]


15 October 2009 | 10,235 views

Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D, of course). I hope a new project can spawn from this; it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects […]


27 August 2009 | 6,885 views

Trafscrambler – Anti-sniffer/IDS Tool

Trafscrambler is an anti-sniffer/IDS LKM (Network Kernel Extension) for OS X, licensed under BSD. Features: injection of packets with bogus data and with a randomly selected bad TCP checksum or bad TCP sequence number; a userland binary (tsctrl) for controlling the trafscrambler NKE; SYN decoy – sends out a number of SYN packets before the original SYN packet; TCP reset attack – sends […]


14 August 2009 | 27,124 views

sslsniff v0.6 Released – SSL MITM Tool

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically […]


10 August 2009 | 19,476 views

Xplico – Network Forensic Analysis Tool

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic […]


27 July 2009 | 9,533 views

Wireshark 1.2.1 Released – Network Protocol Analyzer

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Many of you will know it as […]


29 April 2009 | 6,953 views

ScreenStamp! – Free Screenshot Tool With Timestamp

What is ScreenStamp!? ScreenStamp! is basically a screen-grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screenshots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen […]


20 February 2009 | 6,522 views

DShield Web Honeypot Project – Alpha Version Released

For those of you who are not familiar with DShield (where have you been? under a rock?), it’s a Cooperative Network Security Community. Basically, what that means is they collect firewall logs and map out the trends. Like when there was a worm going around that brute-forced SSH2, you could see a spike in port […]
