
Re: Analize Virus

To: "Rafa Richart" <rafa@ontinet.com>
Subject: Re: Analize Virus
From: "Robert McArdle" <robertmcardle@gmail.com>
Date: Wed, 1 Aug 2007 10:24:38 +0100
Cc: pen-test@securityfocus.com
In-reply-to: <1862113696.20070731192813@ontinet.com>
If it's black-box testing you are looking for (i.e. see effects of the threat
on the system) as opposed to debugging / disassembly, here are some to get
you started, although there are many other excellent apps

Regshot - Takes before/after snapshot of the registry/filesystem-
http://www.softpedia.com/get/Tweak/Registry-Tweak/Reg-Shot.shtml

Wireshark - Network Analyzer- www.wireshark.org

SysInternals (Now Microsoft) tools -
http://www.microsoft.com/technet/sysinternals/default.mspx

has a good few that are worth a look, specifically Process Monitor,
Autoruns, Process Explorer, etc

After that you'll want some Rootkit detectors like GMER or IceSword



Robert McArdle
--
www.RobertMcArdle.com/blog/ - Techie/Security/Inane Ramblings

On 7/31/07, Rafa Richart <Rafa@ontinet.com> wrote:
>
> Hi Pals,
>
> we're looking for some tools to analyze the malware behavior, we've a lab
> under construction, but we need some advice on what tools we've to use. Tools
> to see what has been changing the registry, stat connections etc...
>
> Any help is welcome.
>
> Thanks in advance
>
> Rafa
>

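As an added illustration of the before/after snapshot idea behind Regshot (example code written for this thread, not a tool from either poster): the script below hashes every file under a directory, takes a baseline, applies a constructed set of changes of the kind a sample would leave behind, and reports what was added, removed or modified. The directory layout and file contents are made up inline so it runs offline.

```python
"""Before/after snapshot diff, in the spirit of Regshot's filesystem
comparison. Added example for this thread, not a tool from the original
post: it hashes every file under a directory and diffs two snapshots.
Sample files below are constructed inline so it runs offline."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[path.relative_to(root).as_posix()] = digest
    return snap


def diff_snapshots(before, after):
    """Return (added, removed, modified) key lists; works for any
    mapping, e.g. a parsed registry export as well as a file snapshot."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    modified = sorted(k for k in before if k in after and before[k] != after[k])
    return added, removed, modified


def demo():
    """Constructed scenario: take a baseline, then simulate a run that
    drops a file, edits one and deletes one; report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32").mkdir()
        (root / "system32" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "temp.log").write_text("ok\n")
        before = snapshot(root)
        # Constructed changes typical of what a before/after diff surfaces
        (root / "system32" / "hosts").write_text("127.0.0.1 localhost\n0.0.0.0 example.test\n")
        (root / "system32" / "dropped.dll").write_bytes(b"MZ\x90\x00")
        (root / "temp.log").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", added, "removed:", removed, "modified:", modified)
```

Feeding `diff_snapshots` two parsed registry exports (key path to value string) gives the registry side of the same comparison.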

