forensics

http://www.honeynet.org/node/812

Congratulations to the winners of Forensic Challenge FC10- Attack Visualization ! | The Honeynet Project

While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.
Forensics

Hachoir is a Python library that allows you to view and edit a binary stream field by field. In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files. A file is split into a tree of fields, where the smallest field is just one bit. There are other field types: integers, strings, bits, padding types, floats, etc. Hachoir is the French word for a meat grinder (meat mincer), which is used by butchers to divide meat into long tubes; Hachoir is used by computer butchers to divide binary files into fields.

haypo / hachoir / wiki / Home — bitbucket.org

https://bitbucket.org/haypo/hachoir/wiki/Home
A large number of security researchers use Virtual Machines when analyzing malware and/or setting up both active and passive honeynets. There are numerous reasons for this, including: scalability, manageability, configuration and state snapshots, ability to run diverse operating systems, etc. Malware that attempts to detect if it's running in a Virtual Machine (then change its behavior accordingly to prevent analysis by security people) is not a subject of academic fancy.

Network Forensics Blog

http://www.networkforensics.com/
http://www.malforge.com/
With these new updates, Rule2Alert has an 88.5% alert rate on the successfully loaded rules in emerging-all.rules as seen in the image below: This improved detection rate is due to the updates pushed recently to rule2alert. The added evasion technique is the altered ACK packet within the TCP 3-way handshake that was discussed here and originally here. The evasion technique is shown below using Rule2Alert: test.rule

Malware Forge

http://www.wotsit.org/
Welcome to Wotsit.org, the programmer's file and data format resource. This site contains information on hundreds of different file types, data types, hardware interface details and all sorts of other useful programming information; algorithms, source code, specifications, etc. The search box (above right) is the simplest way to find information on a specific file type; all resources are also listed by category via the links on the left. As you will have noticed, Wotsit.org has undergone a long-overdue redesign.

Wotsit.org