Archives/2014

From aldeid
Jump to: navigation, search
You are here:
2014
Officemalscanner-icon.png

Analyze Office documents with OfficeMalScanner

Mon, 23 Dec 2013 22:05:00 +0200

OfficeMalScanner is a Ms Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams.

Read more

Cscript-wscript-icon.png

cscript and wscript

Sat, 21 Dec 2013 12:05:00 +0200

cscript and wscript are command line (CLI) utilities from Microsoft to analyze JavaScript and VBScript. They both use Internet Explorer scripting engine.

Read more

Malzilla-icon.png

Malzilla, malware hunting tool

Sun, 15 Dec 2013 12:15:00 +0200

Malzilla is a malware hunting tool. It uses the SpiderMonkey engine to analyze scripts. Among other things, it is able to deobfuscate JavaScripts and has several decoders and other utilities. It currently exclusilvely supports Windows.

Read more

Rhino-icon.png

Deobfuscate JavaScript with Rhino JavaScript Debugger

Sat, 14 Dec 2013 15:45 +0100

Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. It is embedded in J2SE 6 as the default Java scripting engine. Rhino-debugger is a Graphical User Interface (GUI) that enables to debug JavaScript. It is convenient for malware analysts to deobfuscate JavaScript.

Read more

V8-icon.png

Deobfuscate JavaScript with V8

Sat, 14 Dec 2013 09:15 +0100

V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. Learn how to deobfuscate JavaScript with V8.

Read more

Spidermonkey-icon.png

Deobfuscating JavaScript with SpiderMonkey

Fri, 13 Dec 2013 22:10:00 +0100

SpiderMonkey is Mozilla's JavaScript engine written in C/C++. It is used in various Mozilla products, including Firefox, and is available under the MPL2. Learn how to deobfuscate JavaScript with SpiderMonkey.

Read more

Fakenet-icon.png

PracticalMalwareAnalysis FakeNet

Fri, 22 Nov 2013 20:25:00 +0100

FakeNet is a tool developed by Andrew Honig and Mike Sikorski. Its objective is to aid the malware analysts in the dynamic analysis of malicious softwares. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. It is able to intercept any traffic, including DNS, HTTP, HTTPS, SMTP, SMTP over SSL and has the ability to display SSL based traffic (e.g. HTTPS, SMTP/SSL) in clear.

Read more

Procdot-icon.png

ProcDOT, malware visualization tool

Sun, 17 Nov 2013 10:12:00 +0100

ProcDOT is a tool developed by Christian Wojner from Cert.at. It processes Sysinternals Process Monitor (procmon) logfiles and PCAP logs (Windump, tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed. It is very convenient for malware analysts.

Read more

Older entries »