Archives/2014

From aldeid

Analyze Office documents with OfficeMalScanner

Mon, 23 Dec 2013 22:05:00 +0200

OfficeMalScanner is a Ms Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams.

cscript and wscript

Sat, 21 Dec 2013 12:05:00 +0200

cscript and wscript are command-line (CLI) utilities from Microsoft that can be used to run and analyze JavaScript and VBScript. They both use the Internet Explorer scripting engine.

Malzilla, malware hunting tool

Sun, 15 Dec 2013 12:15:00 +0200

Malzilla is a malware hunting tool. It uses the SpiderMonkey engine to analyze scripts. Among other things, it is able to deobfuscate JavaScript and has several decoders and other utilities. It currently exclusively supports Windows.

Deobfuscate JavaScript with Rhino JavaScript Debugger

Sat, 14 Dec 2013 15:45 +0100

Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users, and it is embedded in J2SE 6 as the default Java scripting engine. Rhino-debugger is a Graphical User Interface (GUI) for debugging JavaScript, which makes it a convenient way for malware analysts to deobfuscate JavaScript.

Deobfuscate JavaScript with V8

Sat, 14 Dec 2013 09:15 +0100

V8 is Google's open-source JavaScript engine. It is written in C++ and is used in Google Chrome, Google's open-source browser. Learn how to deobfuscate JavaScript with V8.

Deobfuscating JavaScript with SpiderMonkey

Fri, 13 Dec 2013 22:10:00 +0100

SpiderMonkey is Mozilla's JavaScript engine written in C/C++. It is used in various Mozilla products, including Firefox, and is available under the MPL2. Learn how to deobfuscate JavaScript with SpiderMonkey.

PracticalMalwareAnalysis FakeNet

Fri, 22 Nov 2013 20:25:00 +0100

FakeNet is a tool developed by Andrew Honig and Mike Sikorski. Its objective is to aid malware analysts in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run, allowing the analyst to observe the malware’s network activity from within a safe environment. It is able to intercept any traffic, including DNS, HTTP, HTTPS, SMTP and SMTP over SSL, and has the ability to display SSL-based traffic (e.g. HTTPS, SMTP/SSL) in the clear.

ProcDOT, malware visualization tool

Sun, 17 Nov 2013 10:12:00 +0100

ProcDOT is a tool developed by Christian Wojner from Cert.at. It processes Sysinternals Process Monitor (procmon) logfiles and PCAP logs (Windump, tcpdump) to generate a graph via the GraphViz suite. This graph visualizes all relevant activities (the selection is customizable) and can be interactively analyzed. It is very convenient for malware analysts.
