
sec

impfuzzy

sec

Classifying malware with Import API and Fuzzy Hashing ~impfuzzy~ https://www.jpcert.or.jp/magazine/acreport-impfuzzy.html ■Installation sudo apt-get install python-dev libfuzzy-dev sudo pip install pefile sudo apt-get install ssdeep git clone …

ioc-parser

Tool to extract indicators of compromise from security reports in PDF format https://github.com/armbues/ioc-parser $ ./ioc-parser.py -i pdf -o yara waterbug-attack-group.pdf rule waterbug_attack_group { strings: $Filename1 = "NDProxy.sys" …

AIL framework - Analysis Information Leak framework

sec

https://github.com/CIRCL/AIL-framework Install "google snappy" separately: https://code.google.com/p/snappy/

pystemon installation

sec

sudo apt-get install python-pip sudo pip install PyYAML sudo pip install BeautifulSoup git clone https://github.com/cvandeplas/pystemon

[malware] Viper

sec

Malware management and analysis framework http://viper-framework.readthedocs.org/en/latest/index.html Viper is a binary analysis and management framework. sudo apt-get install gcc python-dev python-pip sudo pip install SQLAlchemy PrettyTable pyth…

[Mobile Forensics] [Android] Santoku-Linux

sec

https://santoku-linux.com/

[Memory Forensics] Memory forensics

sec

The correct position of lsass.exe: winlogon.exe | --- lsass.exe --- services.exe | --- Process_A.exe --- Process_B.exe --- Process_B.exe --- Process_B.exe --- Process_B.exe --- Process_B.exe Note: there must be only one "lsass.exe"; more than one is abnormal. Note: "lsass.e…
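As an added example (not code from the bookmarked page), the rule above turned into a check that runs over a pslist-style process table. The table, PIDs and names are constructed for the example. The expected parent winlogon.exe matches the XP-era tree shown; wininit.exe is added because it is the parent of lsass.exe and services.exe on Vista and later. The look-alike check (names that become lsass.exe once I/1/| are read as l, or differ by one character) is a generalization of the "only one lsass.exe" rule, not something the page states.

```python
from collections import defaultdict

# Parent each core process must have. winlogon.exe on Windows XP/2003 (the tree
# shown on the page); on Vista and later the parent is wininit.exe instead.
EXPECTED_PARENT = {
    "lsass.exe": {"winlogon.exe", "wininit.exe"},
    "services.exe": {"winlogon.exe", "wininit.exe"},
}
# Characters attackers swap in to make a name look like lsass.exe (l -> I, 1, |).
HOMOGLYPHS = str.maketrans("i1|", "lll")

# Constructed pslist-style sample (PID PPID name); not taken from a real image.
SAMPLE_PSLIST = """\
4 0 System
368 4 smss.exe
584 368 csrss.exe
608 368 winlogon.exe
652 608 services.exe
664 608 lsass.exe
1044 652 svchost.exe
1516 1480 explorer.exe
2040 1516 lsass.exe
2072 1516 Isass.exe
"""


def parse_pslist(text):
    """Turn 'PID PPID name' lines into (pid, ppid, name) tuples."""
    procs = []
    for line in text.splitlines():
        if line.strip():
            pid, ppid, name = line.split(maxsplit=2)
            procs.append((int(pid), int(ppid), name))
    return procs


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character name variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_processes(procs):
    """Return findings: wrong instance count, wrong parent, or a name mimicking a core process."""
    findings = []
    name_of = {pid: name for pid, _, name in procs}
    by_name = defaultdict(list)
    for pid, ppid, name in procs:
        by_name[name.lower()].append((pid, ppid))

    for crit, parents in EXPECTED_PARENT.items():
        instances = by_name.get(crit, [])
        if len(instances) != 1:
            findings.append(f"{crit}: {len(instances)} instances (expected exactly 1)")
        for pid, ppid in instances:
            parent = name_of.get(ppid, "<missing>").lower()
            if parent not in parents:
                findings.append(f"{crit} pid {pid}: parent is {parent} (pid {ppid}), "
                                f"expected one of {sorted(parents)}")

    for pid, _, name in procs:
        low = name.lower()
        for crit in EXPECTED_PARENT:
            if low != crit and edit_distance(low.translate(HOMOGLYPHS),
                                             crit.translate(HOMOGLYPHS)) <= 1:
                findings.append(f"{name} pid {pid}: name mimics {crit}")
    return findings


if __name__ == "__main__":
    for finding in audit_processes(parse_pslist(SAMPLE_PSLIST)):
        print(finding)
```

On a real image the input would be the PID/PPID/name columns of a pslist, and the parent check should be paired with a path check (lsass.exe must come from the system32 directory), which a bare process list cannot provide.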

[forensics] SuperTimeline

sec

[Old] # mount -o loop,ro,show_files,streams_interface=windows,offset=32256 /mnt/hgfs/image.dd /mnt/windows_mount # log2timeline -z Japan -p -r -f winxp /mnt/windows_mount -w supertimeline.txt # l2t_process -b supertimeline.txt > supertime…
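As an added example (not from the bookmarked recipe), the post-processing step done in Python: read rows in the l2t_csv layout that log2timeline writes and l2t_process consumes, decode the MACB column, and keep only a date window plus an optional keyword, which is the narrowing that l2t_process and grep do on the supertimeline. The four rows are constructed for the example and are not from a real image; the "Japan" timezone value mirrors the -z Japan option in the recipe.

```python
import csv
import io
from datetime import datetime

# Position in the MACB column -> timestamp type it marks.
MACB_MEANING = {0: "modified", 1: "accessed", 2: "changed (metadata)", 3: "born (created)"}

# Constructed rows in l2t_csv layout; the header is the real column order of the format.
SAMPLE_L2T = """\
date,time,timezone,MACB,source,sourcetype,type,user,host,short,desc,version,filename,inode,notes,format,extra
06/14/2013,09:12:03,Japan,M...,FILE,NTFS $MFT,Content Modification Time,-,WINXP,svchost.exe,/WINDOWS/system32/svchost.exe,2,/WINDOWS/system32/svchost.exe,1187,-,mft,-
06/21/2013,22:41:10,Japan,...B,FILE,NTFS $MFT,Creation Time,-,WINXP,update.exe,/Documents and Settings/user/Local Settings/Temp/update.exe,2,/Documents and Settings/user/Local Settings/Temp/update.exe,4411,-,mft,-
06/21/2013,22:41:12,Japan,M...,REG,Registry Key,Last Written,-,WINXP,Run,HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run Updater: C:/DOCUME~1/user/LOCALS~1/Temp/update.exe,2,/WINDOWS/system32/config/software,-,-,reg,-
07/02/2013,03:00:00,Japan,.A..,FILE,NTFS $MFT,Last Access Time,-,WINXP,UPDATE.EXE-1A2B3C4D.pf,/WINDOWS/Prefetch/UPDATE.EXE-1A2B3C4D.pf,2,/WINDOWS/Prefetch/UPDATE.EXE-1A2B3C4D.pf,5120,-,mft,-
"""


def parse_l2t(text):
    """Read l2t_csv rows and attach a datetime built from the date and time columns."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", "%m/%d/%Y %H:%M:%S")
        rows.append(row)
    return rows


def decode_macb(macb):
    """'...B' -> ['born (created)'], 'MACB' -> all four."""
    return [MACB_MEANING[i] for i, c in enumerate(macb[:4]) if c != "."]


def filter_window(rows, start, end, keyword=None):
    """Keep rows with start <= timestamp < end (dates as MM/DD/YYYY, like l2t_process's range
    arguments), optionally requiring keyword in filename or desc (case-insensitive)."""
    lo, hi = (datetime.strptime(d, "%m/%d/%Y") for d in (start, end))
    hits = [r for r in rows
            if lo <= r["ts"] < hi
            and (keyword is None or keyword.lower() in f"{r['filename']} {r['desc']}".lower())]
    return sorted(hits, key=lambda r: r["ts"])


def render(rows):
    """One line per event in the order an analyst reads a timeline."""
    return [f"{r['ts']:%Y-%m-%d %H:%M:%S} {r['timezone']} "
            f"[{','.join(decode_macb(r['MACB']))}] {r['source']} {r['filename']}" for r in rows]


if __name__ == "__main__":
    events = parse_l2t(SAMPLE_L2T)
    for line in render(filter_window(events, "06/01/2013", "08/01/2013", keyword="update.exe")):
        print(line)
```

The keyword pass shows why the supertimeline is useful: the same file name ties together the $MFT creation record, the Run key write two seconds later, and the later Prefetch access, which individually look unremarkable.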

INetSim: Internet Services Simulation Suite

sec

Fake servers (DNS, HTTP and so on) INetSim: Internet Services Simulation Suite - Project Homepage # Available service names are: # dns, http, smtp, pop3, tftp, ftp, ntp, time_tcp, # time_udp, daytime_tcp, daytime_udp, echo_tcp, # echo_udp, discard_tcp,…

FREE Security Training

sec

Home Page - www.SecurityXploded.com

[forensics] Memory Forensics (Windows,Mac and Linux)

sec

2010 2013 sandro suffert memory forensics introductory workshop - pub…

[malware] Malware-Analyzer.com

sec

Malware-Analyzer.com is your solution to malware analysis tools, resources, and discounted malware reverse engineer training. Malware-Analyzer.com has a variety of tools from automated analysis to memory forensics. If you have a malware an…

[decode] [malware] UnBup - McAfee BUP Extractor for Linux

sec

Open Security Research: UnBup - McAfee BUP Extractor for Linux

PE-bear

sec

PE-bear | hasherezade's 1001 nights

PeStudio

sec

winitor

PyKd - Python extension to access Debug Engine

sec

Python extension for WinDbg Python extension for WinDbg - Home

the PE analysis toolkit

sec

pev download | SourceForge.net

PEV PE ANALYSIS TOOLKIT

sec

Reversing PE executable files requires special tools, because the payload that may contain the malware is packed inside another executable file, which can itself be a legitimate one. This means a standard static analysis tool won't be able t…
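As an added example (not code from pev, PE-bear, PeStudio or impfuzzy, all of which this list bookmarks), the static check a PE toolkit performs to flag the packing described above: walk the DOS header to the PE signature, read the COFF header and section table, and measure each section's byte entropy, since compressed or encrypted payloads sit near 8 bits/byte while normal code and data sit well below. The two sample images are constructed in the block itself so it runs offline; the packer section names and the 7.0 threshold are conventional heuristics, not values from the page.

```python
import math
import random
import struct
from collections import Counter

# Section names left behind by common packers (UPX, ASPack, Themida, VMProtect, Petite, MPRESS).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".themida",
                        ".vmp0", ".vmp1", ".petite", ".MPRESS1"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random data, near 0 for zero-filled or repetitive data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    try:
        _machine, nsections, _ts, _symptr, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
        table = coff + 20 + opt_size              # section headers follow the optional header
        sections = []
        for i in range(nsections):
            (name, vsize, _vaddr, raw_size, raw_ptr,
             _rel, _lines, _nrel, _nlines, flags) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
            data = pe[raw_ptr:raw_ptr + raw_size]  # slicing clamps a SizeOfRawData that overruns the file
            sections.append({
                "name": name.rstrip(b"\0").decode("latin-1"),
                "virtual_size": vsize,
                "raw_size": raw_size,
                "entropy": shannon_entropy(data),
                "characteristics": flags,
            })
    except struct.error as exc:
        raise ValueError("header or section table truncated") from exc
    return sections


def packed_indicators(pe: bytes, entropy_threshold: float = 7.0):
    """Heuristics that suggest a packed or encrypted payload; returns readable findings."""
    findings = []
    for s in parse_sections(pe):
        if s["entropy"] > entropy_threshold:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} exceeds {entropy_threshold}")
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(f"{s['name']}: known packer section name")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{s['name']}: no raw data but {s['virtual_size']:#x} bytes reserved "
                            "(typical unpacking target)")
    return findings


def build_pe(sections):
    """Assemble a minimal PE32 image from (name, raw_data, virtual_size, characteristics) tuples.
    Constructed test fixture: only the fields parse_sections reads are filled in."""
    opt_size = 224                                       # PE32 optional header size
    headers_len = 64 + 4 + 20 + opt_size + 40 * len(sections)
    raw_base = (headers_len + 0x1FF) & ~0x1FF            # file alignment 0x200
    hdrs, body, va = [], b"", 0x1000
    for name, data, vsize, chars in sections:
        ptr = raw_base + len(body) if data else 0
        hdrs.append(struct.pack("<8sIIIIIIHHI", name, vsize, va, len(data), ptr, 0, 0, 0, 0, chars))
        body += data
        va += (max(vsize, len(data)) + 0xFFF) & ~0xFFF
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + b"".join(hdrs)
    return image + b"\0" * (raw_base - len(image)) + body


_rng = random.Random(20130701)                          # fixed seed: reproducible "compressed" bytes
PACKED_SAMPLE = build_pe([
    (b"UPX0", b"", 0x8000, 0xE0000080),                                            # empty, unpacks here
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)), 0x1000, 0xE0000040),  # packed payload
    (b".rsrc", b"\0" * 512, 0x200, 0x40000040),
])
CLEAN_SAMPLE = build_pe([
    (b".text", b"\x55\x8b\xec\x83\xec\x10\x33\xc0\xc9\xc3" * 200, 0x800, 0x60000020),  # repetitive code
    (b".data", b"Hello, world!\0" * 50, 0x300, 0xC0000040),
])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, packed_indicators(sample) or ["no indicators"])
```

Against a real file, read the bytes from disk and pass them to packed_indicators; entropy alone also fires on legitimately compressed resources or embedded certificates, so treat a hit as a reason to look at the entry point and import table, not as a verdict.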

[Caution] A front door's "U-shaped lock" can apparently be opened easily with a string. A man who unlocked one and broke in to commit rape: "I looked up the method on the net" (video included)

sec

[Caution] A front door's "U-shaped lock" can apparently be opened easily with a string. A man who unlocked one and broke in to commit rape: "I looked up the method on the net" (video included) | ニュース2ちゃんねる

Penetration Test Report

sec

offensive-security http://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf

Malware Analysis: The State of Java Reversing Tools

sec

obfuscation Ghetto Forensics: Malware Analysis: The State of Java Reversing Tools

Mount shadow volumes on disk images

sec

Mount shadow volumes on disk images - ForensicsWiki

metasploitable-linux-2.0.0

sec

Metasploitable is an intentionally vulnerable Linux virtual machine Metasploitable - Browse /Metasploitable2 at SourceForge.net

tree-cbass

sec

Taint-enabled Reverse Engineering Environment on top of a Cross-platform Binary Symbolic execution System tree-cbass - Taint-enabled Reverse Engineering Environment on top of a Cross-platform Binary Symbolic execution System - Google Proje…

ostinato

sec

Packet/Traffic Generator and Analyzer Ostinato

CanSecWest slide

sec

CanSecWest Applied Security Conference: Vancouver, British Columbia, Canada

[malware] APT1: technical backstage

sec

http://www.malware.lu/Pro/RAP002_APT1_Technical_backstage.1.0.pdf

Getting Started with Linux Memory Forensics

sec

SANS Digital Forensics and Incident Response Blog | Getting Started with Linux Memory Forensics | SANS Institute

Using Google.com to find Usernames and Passwords

sec

http://backtrack-page.blogspot.com/2013/07/facebook-easy-using-googlecom-to-find.html

[md5] [crack]Best sites that crack MD5 hashes

sec

http://backtrack-page.blogspot.com/2013/07/best-sites-that-crack-md5-hashes.html http://www.tmto.org http://md5.noisette.ch http://md5decryption.com http://www.c0llision.net http://www.netmd5crack.com http://www.md5decrypter.com http://md5…

[forensic] NTDS.DIT Forensics

sec

http://www.ntdsxtract.com/downloads/ntdsxtract/ntds_forensics.pdf

[malware] The Citadel crimeware kit - under the microscope

sec

The Citadel crimeware kit – under the microscope | Naked Security

[malware] Citadel Trojan Malware Analysis

sec

http://botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf

Revelo

sec

Deobfuscate Javascript Tools | Kahu Security Deobfuscating Javascript with Revelo | Kahu Security

[malware] [unpack] Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0

sec

http://reversengineering.wordpress.com/category/tools/unpackers/

virustotal-search.py

sec

Update: virustotal-search.py | Didier Stevens

Forensic Analysis of Microsoft Internet Explorer Cookie Files.pdf

sec

Forensic Analysis of Microsoft Internet Explorer Cookie Files.pdf - Google Drive

Viewing ELF Binary Signatures.pdf

sec

Viewing ELF Binary Signatures.pdf - Google Drive

Recon 2013 Slides

sec

Index of /2013/slides/

[CTF] Placeholder page for collecting Defcon 21 Quals write-ups and the like

sec

Placeholder page for collecting Defcon 21 Quals write-ups and the like - piyolog

exploit-exercises.com

sec

Exploit Exercises

Tried writing a write-up for the DEFCON CTF Quals

sec

Tried writing a write-up for the DEFCON CTF Quals - wakatonoの戯れメモ

Deployed tamper detection with inotifywait in preparation for the frequent web defacements

sec

Deployed tamper detection with inotifywait in preparation for the frequent web defacements | 徳丸浩の日記 logging $ inotifywait -r -m /home/ubuntu/test > xxxx.log $ more xxxx.log /home/ubuntu/test/ CREATE xxxx /home/ubuntu/test/ OPEN xxxx /home/ubuntu/test/ ATTRIB xx…
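As an added example (not code from the bookmarked post), the alerting half of that setup: parse the "directory EVENTS filename" lines that inotifywait -r -m writes, drop pure reads and editor temp files, and raise one alert per changed path, ranked high when the file is something the web server executes or serves as code. The document root, the cache exclusion and the log lines are constructed for the example, not taken from the post.

```python
import re

WEBROOT = "/var/www/html/"                         # hypothetical document root
# Events that mean the file on disk changed; OPEN, ACCESS and CLOSE_NOWRITE are reads.
WRITE_EVENTS = {"CREATE", "MODIFY", "CLOSE_WRITE", "MOVED_TO", "MOVED_FROM",
                "ATTRIB", "DELETE", "DELETE_SELF"}
# Content the web server runs or serves as code: a write here is a defacement/webshell candidate.
CODE_EXTENSIONS = (".php", ".js", ".html", ".htm", ".cgi", ".htaccess")
# Exclusions an admin would add (assumed): application cache and editor swap files.
IGNORE_DIRS = (WEBROOT + "cache/",)
IGNORE_SUFFIXES = (".swp", "~")

# Constructed inotifywait -r -m output; not captured from a real host.
SAMPLE_LOG = """\
/var/www/html/ OPEN index.php
/var/www/html/ CLOSE_NOWRITE,CLOSE index.php
/var/www/html/ CREATE .index.php.swp
/var/www/html/ MODIFY index.php
/var/www/html/ CLOSE_WRITE,CLOSE index.php
/var/www/html/cache/ CLOSE_WRITE,CLOSE page_1.cache
/var/www/html/images/ CREATE,ISDIR tmp
/var/www/html/images/tmp/ CREATE shell.php
/var/www/html/images/tmp/ CLOSE_WRITE,CLOSE shell.php
/var/www/html/ ATTRIB index.php
"""

# inotifywait default line layout: watched path, comma-separated events, optional file name.
LINE_RE = re.compile(r"^(?P<dir>\S+) (?P<events>[A-Z_,]+)(?: (?P<name>.*))?$")


def parse_inotify(text):
    """Yield (watched_dir, [events], name) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["dir"], m["events"].split(","), m["name"] or ""


def alerts(text):
    """Collapse the event stream into one (severity, path, write_events) per changed path."""
    seen = {}                                       # path -> [severity, set(events)], insertion order
    for d, events, name in parse_inotify(text):
        path = d + name
        if path.startswith(IGNORE_DIRS) or path.endswith(IGNORE_SUFFIXES):
            continue
        writes = set(events) & WRITE_EVENTS
        if not writes:
            continue                                # a read, not tampering
        severity = "high" if path.lower().endswith(CODE_EXTENSIONS) else "low"
        seen.setdefault(path, [severity, set()])[1].update(writes)
    return [(sev, path, sorted(evs)) for path, (sev, evs) in seen.items()]


if __name__ == "__main__":
    for severity, path, events in alerts(SAMPLE_LOG):
        print(f"{severity:4} {path} {','.join(events)}")
```

The whitespace-split parser breaks on file names containing spaces; when feeding a live watcher, run inotifywait with --format '%w|%e|%f' and split on the separator instead.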

Event log traces of RDP sessions on Windows 7

sec

RDP service start: Log name: Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational Event ID: 258 Listener RDP-Tcp has started listening. RDP connection received: Event ID: 261 Listener RDP-Tcp received a connection. Log name: S…

Event log traces at logon on Windows 7 (compared with the OfflineFiles log)

sec

Event log: Security log / OfflineFiles log
At boot: Event ID 4624, logon type 2 / Event ID 7 (logon), Event ID 8 (logoff)
Logon from screen lock: Event ID 4624, logon type 7 / none

Indicators of Compromise in Memory Forensics

sec

http://www.sans.org/reading_room/whitepapers/forensics/indicators-compromise-memory-forensics_34162

Using IOC (Indicators of Compromise) in Malware

sec

Forensics http://www.sans.org/reading_room/whitepapers/incident/ioc-indicators-compromise-malware-forensics_34200

[CTF]

sec

Flaggers CTFtime.org / All about CTF (Capture The Flag)

Attack wave on Ruby on Rails

sec

Attack wave on Ruby on Rails - The H Open: News and Features

Tools for Examining XOR Obfuscation for Malware Analysis

sec

SANS Digital Forensics and Incident Response Blog | Tools for Examining XOR Obfuscation for Malware Analysis | SANS Institute