Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Playing with Viruses on windows

from [cyclone dude] Network Security [Permanent Link]
Subject: Re: Playing with Viruses on windows
Date: Thu, 12 Aug 2004 16:42:26 +0100 (BST) 
you can also include: InstallRite to monitor
file/registry changes, tools from sysinternals.com,
binary string tools (BinText,BiTes), and dont forget
to download some unpackers, coz mostly of viruses
today are packed/compressed w/ modified headers. for
this you can use some generic unpacker tools or winhex
to dump program in memory, pe rebuilder may also help.
for advance virus analysis, use debuggers (ollydbg,
idapro, s-ice) to check every detail of the virus.

ofcourse dont forget to isolate your testing
machine/network.. =)

-CyCl0ne
 --- Ismael Briones <ismak@inkatel.com> wrote: 

Dou you know InCtrl5?

http://www.pcmag.com/article2/0,1759,25214,00.asp
http://www.pcmag.com/article2/0,4149,9882,00.asp



Castigliola, Angelo wrote:


VMWare is a really good idea. Filemon and Regmon is

a must along with your favorite packet sniffer.


Angelo Castigliola III
Operations Technical Analyst I
UnumProvident IT Services
207.575.3820


-----Original Message-----
From: Altheide, Cory B. (IARC)

[mailto:AltheideC@nv.doe.gov] 

Sent: Tuesday, August 10, 2004 3:14 PM
To: 'Cedric Foll'; focus-virus@securityfocus.com
Subject: RE: Playing with Viruses on windows

 


-----Original Message-----
From: Cedric Foll [mailto:cedric.foll@ac-rouen.fr]



Sent: Tuesday, August 10, 2004 7:56 AM
To: focus-virus@securityfocus.com
Subject: Playing with Viruses on windows

Hi,

I would like to now if anyone knows good tools to

play with 

w32 viruses. The idea would be to run it in a

sandbox and 

trace all action the virus try to do and can say

'yes' or 

'no'. Something like 'The program try to write XXX

in the 

registry, are you agree ?', 'It open a socket, is

it ok ?', 

'it tries to open this file with W access'. I can

do 

something quite similar with VMWARE and Kerio but

I would 

like to have something with more information (like

a (x)trace 

on Unix) and more interactive.

Regards.

--
Cedric Foll
Ingénieur réseaux et sécurité
Rectorat de Rouen
   



http://home.t-online.de/home/Ollydbg/

-- Cory



 


 


________________________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Virus Scanning Web pages, Brian Erdelyi
Next by Date:  Re[2]: Playing with Viruses on windows, Matthew Leeds
Previous by Thread:  Re: Playing with Viruses on windows, Ismael Briones
Next by Thread:  RE: Playing with Viruses on windows, Pete Simpson
Indexes:  [Date] [Thread] [Top] [All Lists]