| To: | "Rafa Richart" <rafa@ontinet.com> |
|---|---|
| Subject: | Re: Analize Virus |
| From: | "Colin Copley" <colin.75@btinternet.com> |
| Date: | Wed, 1 Aug 2007 17:23:59 +0100 |
| Cc: | <pen-test@securityfocus.com> |
>From: "Rafa Richart" <Rafa@ontinet.com>
>To: <pen-test@securityfocus.com>
>Sent: Tuesday, July 31, 2007 6:28 PM
>Subject: Analize Virus
>
>we're looking for some tools to analyze the malware behavior, we've a lab under construction, but we need some advice on what tools we've to use. tools to see what
>has been changing the registry, stat connections etc...

Hi

You might want to try one of the malware/virus lists as well, but here are some apps you'll probably find useful:

A virtual machine environment:-
MS Virtual Machine and/or VMware

Dynamic analysis:-
Regmon & Filemon, from Sysinternals, now at MS TechNet
(Strings, Process Explorer, Autoruns, & Rootkit Revealer are also useful to have handy, also from Sysinternals)

Simple DOS scripts can help to create your baselines before running a virus.

You'll also need a selection of unpackers, decompilers, debuggers, disassemblers and hex editors. I've found these useful:

PEiD
MewUnpacker
Hexplorer / Hiew
SoftICE
IDA
w32dasm

Just Google for links, but handle the unpackers with care, some are trojans.

Kind Regards
Colin
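The baseline step mentioned in the reply above, as an added example that is not part of the original post: it is written in Python rather than as a DOS script, records a hash of every file under a directory before the sample runs, and reports what was added, removed or modified afterwards. The names `snapshot`, `diff` and the `baseline.json` file are assumptions made for this example.

```python
import hashlib
import json
import os
import sys


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                state[rel] = digest.hexdigest()
            except OSError:
                # Locked or vanished files still get an entry so they show up in the diff.
                state[rel] = "<unreadable>"
    return state


def diff(before, after):
    """Return sorted (added, removed, modified) relative paths."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return added, removed, modified


def main(argv):
    # Usage: baseline.py save|compare <root> <baseline.json>
    # Keep baseline.json outside <root>, ideally off the analysis VM.
    mode, root, path = argv[1:4]
    if mode == "save":
        with open(path, "w") as fh:
            json.dump(snapshot(root), fh)
        return
    with open(path) as fh:
        before = json.load(fh)
    labels = ("ADDED", "REMOVED", "MODIFIED")
    for label, paths in zip(labels, diff(before, snapshot(root))):
        for p in paths:
            print(label, p)


if __name__ == "__main__":
    main(sys.argv)
```

Run it with `save` on a clean VM snapshot and with `compare` after the sample has executed; the same before/after approach applies to exported registry hives and saved connection listings.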