Thursday, December 26, 2013

[Tool] A few very useful tools for dynamic malware analysis

Sometimes we need to analyze executables, and Cuckoo Sandbox and other sandboxes can't get the information we want or don't work.

So here are a few very useful tools for dynamic malware analysis:

  • CFF Explorer - a freeware suite of tools including a PE editor called CFF Explorer and a process viewer.
  • Process Explorer - shows you which handles and DLLs processes have opened or loaded.
  • Process Hacker - a process viewer with powerful process termination and memory searching/editing capabilities.
  • LordPE - can view and edit many parts of PE (Portable Executable) files, dump them from memory, ...
  • PeStudio - performs static investigation of any Windows executable binary.
  • Process Monitor - an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
  • TcpView - a Windows program that shows detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections.
  • Wireshark - a very powerful network analyzer.
  • Peframe - a tool to perform static analysis on PE (Portable Executable) malware.
  • RegShot - a small command-line tool for creating and comparing two registry files, exporting the registry, merging .REG files and much more.

I will update this list with all the useful tools I come across.

Best regards

Tuesday, December 3, 2013

[Howto] Configure VPN with token support on Mac OS X

To configure a VPN with token support on a Mac, I install openconnect from Homebrew with the following command:

brew install openconnect

If you don't know what Homebrew is, check this link for more information and an installation guide. After that we need to install the tun/tap driver; we can download it here.

And in my case I connect to the server with the option --no-cert-check:

openconnect --no-cert-check my_server

That is all; now you have everything you need :)

best regards
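Added example (not part of the original post): --no-cert-check skips validation of the gateway certificate, and later openconnect releases removed it in favour of --servercert, which accepts a pinned key hash. The sketch below derives an RFC 7469 "pin-sha256" value from a PEM certificate and shows that the pin survives a renewal with the same key but not a key change. It assumes the certificate was obtained out of band, and the demo certificates and the name vpn.example.test are constructed.

```shell
#!/bin/sh
# Added example: derive the value for `openconnect --servercert` from a
# PEM certificate. The pin is base64(SHA-256(SubjectPublicKeyInfo DER)).

# spki_pin CERT.pem -> prints "pin-sha256:<base64>", non-zero on error
spki_pin() {
    # Extract the key first and stop on failure: hashing an empty pipe
    # would still yield a well-formed (but meaningless) pin.
    spki=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    pin=$(printf '%s\n' "$spki" \
        | openssl pkey -pubin -outform der 2>/dev/null \
        | openssl dgst -sha256 -binary \
        | openssl base64)
    [ "${#pin}" -eq 44 ] || return 1   # 32-byte digest -> 44 base64 chars
    printf 'pin-sha256:%s\n' "$pin"
}

# pin_matches CERT.pem EXPECTED_PIN -> exit 0 only if the cert holds that key
pin_matches() {
    [ "$(spki_pin "$1")" = "$2" ]
}

# make_demo_certs DIR -> constructed throwaway certificates:
#   a.pem and a_renewed.pem share one key, b.pem uses a different key
make_demo_certs() {
    subj="/CN=vpn.example.test"   # constructed name
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/a.key" \
        -out "$1/a.pem" -subj "$subj" -days 1 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" \
        -out "$1/a_renewed.pem" -subj "$subj" -days 2 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/b.key" \
        -out "$1/b.pem" -subj "$subj" -days 1 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_certs "$d" || return 1
    pin=$(spki_pin "$d/a.pem") || return 1
    echo "openconnect --servercert $pin my_server"
    pin_matches "$d/a_renewed.pem" "$pin" && echo "renewed cert, same key: pin still matches"
    pin_matches "$d/b.pem" "$pin" || echo "different key: pin rejected"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument demo to see the resulting openconnect command line; for a real gateway, call spki_pin on the certificate file supplied by the VPN administrator.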