Attack Surface Analyzer is developed by the Security Engineering group, building on the work of our Security Science team. It is the same tool used by Microsoft’s internal product groups to catalogue changes made to operating system attack surface by the installation of new software. Attack Surface Analyzer takes a snapshot of your system state […]
Windows Hacking
Proxocket – DLL Proxy For Winsock
Proxocket is a dll proxy project for the main Winsock functions which allows to capture any type of packet and data sent/received by a specific software of your choice and optionally modifying its content or the connect, bind and accept functions through a custom dll very easy to create. Proxocket handles the following functions for […]
Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)
It’s pretty rare to read about malware on the Linux or Mac OSX platforms and even more rare to read about cross-platform malware which targets both AND Windows by using Java. A neat piece of coding indeed, it targets vulnerabilities in all 3 operating systems – the sad thing? The malware itself is vulnerable to […]
Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese dudes […]
IOCTL Fuzzer v1.2 – Fuzzing Tool For Windows Kernel Drivers
IOCTL Fuzzer is a tool designed to automate the task of searching vulnerabilities in Windows kernel drivers by performing fuzz tests on them. The fuzzer’s own driver hooks NtDeviceIoControlFile in order to take control of all IOCTL requests throughout the system. While processing IOCTLs, the fuzzer will spoof those IOCTLs conforming to conditions specified in […]