If you are using windows, then IDA, if you are using unix, then
objdump. You do not need a sandbox, just need to know how to read
assembly.
On 7/28/05, Todd Towles <toddtowles@brookshires.com> wrote:
A bit off-topic, but I would look into VMWare. There are several Linux
tools that will work the same as well. A separate OS environment would
be very helpful in your new interest. Plus, it is very easy to go back
to a fresh OS state after a malware analyzing session.
-----Original Message-----
From: Erin Carroll [mailto:amoeba@amoebazone.com]
Sent: Thursday, July 28, 2005 11:45 AM
To: pen-test@securityfocus.com
Subject: Exploit package analysis
All,
Some of the fun of moderating this list is getting a wide
exposure to aspects of pen-testing I have yet to tackle. One
thing managing the list has prompted me to explore is
exploit/code package analysis... thanks to all the spam I get
to sift through :)
In addition to worrying about my poker game, manly endowment
& performance, and Rolex collection (once I get money from my
friends in Nigeria), I get a lot of spams with attachments,
usually .zip, that are obviously malware that I'd like to
open up safely and see how they tick. I'm hoping to pick up
some interesting pen-test techniques by looking at the
current state of malware exploits to see how they
work/reproduce/hide at the system level. While most of them I
assume will be run-of-the-mill spambot or zombie generators,
there's always a chance of running across a 0-day in the wild.
My question to all of you is what are some basic sandbox
tools you would recommend to pursue this? Does anyone work in
a similar vein and has the experience been helpful in your
pen-testing work?
--
Erin Carroll
"Do Not Taunt Happy-Fun Ball"
