NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates […]
Collar Bomber Gets Owned By Word Metadata & USB Drive
There were other more technical and probably more relevant stories to report on today, but for some reason I just found this story very odd and strangely fascinating. Now here's a strange case: a man climbs into a young girl's bedroom in the middle of the night, threatens her with a baseball bat and then chains […]
ksymhunter – Routines For Hunting Down Kernel Symbols
Routines for hunting down kernel symbols from kallsyms, System.map, vmlinux, vmlinuz, and remote symbol servers. Examples:

```
$ ./ksymhunter prepare_kernel_cred
[+] trying to resolve prepare_kernel_cred...
[+] resolved prepare_kernel_cred using /boot/System.map-2.6.38-gentoo
[+] resolved prepare_kernel_cred to 0xffffffff81061060
```

And..

```
$ ./ksymhunter commit_creds
[+] trying to resolve commit_creds...
[+] resolved commit_creds using /boot/System.map-2.6.38-gentoo
[+] resolved commit_creds to 0xffffffff81060dc0
```
You can download ksymhunter v1.0 here: ksymhunter.tar.gz Or read more here.
Sniffjoke 0.4.1 Released – Anti-sniffing Framework & Tool For Session Scrambling
SniffJoke is an application for Linux that transparently handles your TCP connections, delaying, modifying and injecting fake packets into your transmission, making it almost impossible for passive wiretapping technology (an IDS or sniffer) to read it correctly. An Internet client running SniffJoke injects into the transmission flow packets able to seriously disturb passive analysis […]
Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool
Malware Analyser is a freeware tool for performing static and dynamic analysis of malware executables; it can be used to identify potential traces of anti-debugging, keyboard hooks, system hooks and DEP-setting-change calls in the malware. This is a stepping-stone release, since for the first time dynamic analysis has been included for file creations […]
