Sat, 14 Dec 2013 15:45 +0100
FakeNet is a tool developed by Andrew Honig and Mike Sikorski. Its objective is to aid the malware analysts in the dynamic analysis of malicious softwares. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. It is able to intercept any traffic, including DNS, HTTP, HTTPS, SMTP, SMTP over SSL and has the ability to display SSL based traffic (e.g. HTTPS, SMTP/SSL) in clear.
ProcDOT is a tool developed by Christian Wojner from Cert.at. It processes Sysinternals Process Monitor (procmon) logfiles and PCAP logs (Windump, tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed. It is very convenient for malware analysts.