477 matches found
SA148: Linux Kernel Vulnerabilities Feb-Apr 2017
SUMMARY Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to execute arbitrary code. The attacker can also cause deni...
oletools - Tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging
oletools is a package of python tools to analyze Microsoft OLE2 files also called Structured Storage, Compound File Binary Format or Compound Document File Format, such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the...
Open Source Malware Analysis Platform: FAME
Open Source Malware Analysis Platform FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...
Online Malware & URL Analysis: MalSub
Online Malware & URL Analysis malsub is a Python 3.6.x framework that wraps several web services of online malware and URL analysis sites through their RESTful Application Programming Interfaces APIs . It supports submitting files or URLs for analysis, retrieving reports by hash values, domains,...
Malware Information Sharing Platform: MISP
Malware Information Sharing Platform MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is...
SA141 : OpenSSL Vulnerabilities 26-Jan-2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...
FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)
Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...
FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)
Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...
Portable Malware Analysis Sandbox: Noriben
Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...
Noriben - Portable, Simple, Malware Analysis Sandbox
Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...
SA136 : OpenSSH Vulnerabilities
SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...
Cosa Nostra - A FOSS Graph Based Malware Clusterization Toolkit
Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Getting started Required 3rd party tools In order to use...
Malware Analysis Windows VM: Malboxes
Malware Analysis Windows VM Vagrant box builder and config generator for malware analysis. The malware battle online is far from being over. Several thousands of new malware binaries are collected by antivirus companies every day. Most organizations don’t have the expertise on staff to know if th...
Open Source Malware Clusterization Toolkit: Cosa Nostra
Open Source Malware Clusterization Toolkit Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Required 3rd...
SA135 : OpenSSL Vulnerabilities 10-Nov-2016
SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain SSL/TLS session key information. AFFECTED PRODUCTS The following products are vulnerable: Director -...
DracOS - Lightweight and Powerful Penetration Testing OS
Dracos Linux www.dracos-linux.org is the Linux operating system from Indonesian , open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testin...
Automated Memory Analyzer For Malware Samples: VolatilityBot
Automated Memory Analyzer For Malware Samples VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis investigation. Not only does it automaticall...
Free Open Source Self Hosted VirusTotal: Malice
Free Open Source Self Hosted VirusTotal Malice’s mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.’ Ubuntu Install: Install Go $ sudo add-apt-repository ppa:ubuntu-lxc/lxd-stable $ sudo apt-get updat...
One Click Symbolic Execution: Ponce
Ponce pronounced ‘poN θe pon-they is an IDA Pro plugin that provides users the ability to perform taint analysis and symbolic execution over binaries in an easy and intuitive fashion. With Ponce you are one click away from getting all the power from cutting edge symbolic execution. Entirely writt...
SA131 : TCP Session Hijacking in Operating Systems Supporting RFC 5961
SUMMARY Blue Coat products that include a vulnerable version of an operating system that supports RFC 5961 are susceptible to a TCP session hijacking vulnerability. A remote, off-path attacker can infer the sequence numbers of an existing TCP connection, and either reset the connection or inject...