Main Page

From Aldeid


WMIC for Linux

Sun, 09 June 2013 16:45:00 +0100

Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line. This post explains how to install a wmic client on a Linux machine. The installation procedure has been tested on an Ubuntu 12.04 LTS 32-bit host. The client for Linux is not as powerful as the one for Windows because it is limited to "select" requests (i.e. it is not possible to request something like "process list brief"), but it will be helpful if you don't want to start your Windows virtual machine.


GetSusp can identify unknown malware

Thu, 06 June 2013 20:54:00 +0100

McAfee GetSusp is intended for users who suspect undetected malware on their computer. GetSusp eliminates the need for deep technical knowledge of computer systems to isolate undetected malware. It does this by using a combination of heuristics and querying the McAfee Global Threat Intelligence (GTI) file reputation database to gather suspicious files.


rifiuti2 analyzes the INFO2 file in the Windows recycle bin

Wed, 05 June 2013 14:47:00 +0100

Rifiuti2 is a rewrite of rifiuti, a tool that analyzes the Windows Recycle Bin INFO2 file. Some of the features provided by rifiuti2: supports Windows file names in any language; supports Vista and Windows 2008 (which no longer use the INFO2 file); enables localization (that is, translation) by using glib; more rigorous error checking; supports output in XML format.


SpiderFoot gathers a lot of information from a domain

Sat, 25 May 2013 09:49:00 +0100

SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more.


Decrypting UserAssist registry keys

Sun, 07 April 2013 14:18:00 +0200

Windows systems maintain a set of keys in the registry database (UserAssist keys) to keep track of programs that have been executed. The number of executions and the last execution date and time are available in these keys. The information within the binary UserAssist values contains only statistical data on the applications launched by the user via Windows Explorer. Programs launched via the command line (cmd.exe) do not appear in these registry keys. From a forensics perspective, being able to decode this information can be very useful.


WinPrefetchView reads information contained in Windows prefetch files

Tue, 02 April 2013 22:22:00 +0200

Each time an application is run on a Windows-based system, registry keys and a prefetch file (%windir%\*.pf) containing information about the files loaded by the application are created. The information in the prefetch files is used to optimize the loading time of the application the next times it is run. WinPrefetchView is a small utility that reads the prefetch files and displays the information stored in them (files used, files loaded at Windows boot).


Jsunpack-n, the CLI version of Jsunpack

Sat, 09 Mar 2013 09:20:00 +0100

Jsunpack-n is a command-line JavaScript unpacker that has more or less the same features as the Web version of Jsunpack.


pescanner.py, a PE analyzer

Sun, 03 Mar 2013 15:26:00 +0100

pescanner.py is a PE analyzer written in Python by the authors of the Malware Analyst's Cookbook. It is available on the companion DVD shipped with the book but is also freely distributed on Google Code. The script is able to detect files with TLS entries, files with resource directories, suspicious IAT entries, suspicious entry point sections, sections with zero-length raw sizes, sections with extremely low or high entropy, invalid timestamps and file version information. Among other things, this script is helpful for understanding the behavior of an executable and classifying malware (UPX packed, trojan downloader, trojan dropper, ...).


From AlienVault SIEM alarms to identification of infected files on the compromised machine

Mon, 25 Feb 2013 13:31:00 +0100

This article shows how to dig into a memory dump using Volatility to identify malware found on a Windows XP machine, initially detected with the AlienVault SIEM.


Volatility framework explained

Sun, 24 Feb 2013 08:26:00 +0100

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.
