


How Advanced Malware Bypasses Process Monitoring. Today, NSS Labs released a report detailing how well several vendors' products detect advanced attacks.

How Advanced Malware Bypasses Process Monitoring

We declined to participate in this test because we believe the NSS methodology is severely flawed. In fact, the FireEye product they used was not even fully functional, leveraged an old version of our software and didn't have access to our threat intelligence (unlike our customers). We did participate in the BDS test in 2013 and at that time we also commented on the flaws of the testing methodology.

Pymsasid - A pure python disassembling library.

Linux's ptrace API sucks!

Cygwin-patches - Fix strace tracing of forked processes when attaching to a process with.

Linux Threads Through a Magnifier: Remote Threads.

Source code for this article may be found here.

Linux Threads Through a Magnifier: Remote Threads

Sometimes a need may arise to start a thread in a separate process, and the need is not necessarily malicious. For example, one may want to replace library functions or to place some code between the executable and a library function. However, Linux does not provide a system call that does anything similar to the CreateRemoteThread Windows API, despite the fact that I see people searching for such functionality.

Introducing_sulley. The sulley fuzzing framework! (A basic example walkthrough)

Control Flow Analysis.

Python testing frameworks : Make your life easy with a Python testing framework. The days of the Wild West are coming to their end in the world of Python testing.

Python testing frameworks : Make your life easy with a Python testing framework

It was not many years ago that nearly every project built with Python seemed to have its own idioms and practices for writing and running tests. But now, the frontier is finally beginning to close. The community is rallying around a few leading solutions that are bringing convenience and common standards to the test suites of hundreds of popular projects. This is the first in a series of three articles that will serve as a guide to the new testing frameworks. In this article, you will be introduced to three popular testing frameworks and see the radically simpler test style that the newest generation of tools are encouraging.

Preferred Python unit-testing framework. Installation and quick start — nose 1.2.1 documentation. Nose extends unittest to make testing easier.

Installation and quick start — nose 1.2.1 documentation

On most UNIX-like systems, you'll probably need to run these commands as root or using sudo. Install nose using setuptools/distribute: Or pip: Or, if you don't have setuptools/distribute installed, use the download link at right to download the source package, and install it in the normal fashion: ungzip and untar the source package, cd to the new directory, and: However, please note that without setuptools/distribute installed, you will not be able to use third-party nose plugins. This will install the nose libraries, as well as the nosetests script, which you can use to automatically discover and run tests. Now you can run tests for your project:

Helps you write better programs.

PyUnit - the standard unit testing framework for Python.

CR tools - CRIU.

Another bottle at sea: building with Scons & MSVC8 using PCH with PDB and /Zi.

Some notes concerning my current attempts to evaluate Scons 1.2 for my needs, namely replacing my 'pure' Visual Studio solution builds.

another bottle at sea: building with Scons & MSVC8 using PCH with PDB and /Zi

After trying to automatically convert my solutions to Scons scripts, which did not work at all, I decided to start from scratch. I easily got the bare build and link done on one of my modules, and then tried to gradually introduce 'features' into my build: namely precompiled header (PCH) support and debug information generation. Adding both was easy; using the Scons man page as a reference, I used a construct like this one:

    env['PCHSTOP'] = "precompiled.h"
    env['PCH'] = env.PCH( os.path.join(builddir, 'precompiled.cpp') )[0]
    env['PDB'] = os.path.join( builddir, "%s.pdb" % BASE_NAME )

Generating and Deploying Debug Symbols with Microsoft Visual C++ 6.0. Shaun Miller, Microsoft Corporation, July 2000. Summary: This article discusses the process of generating debug symbols in order to locate problems in your application. (7 printed pages)

Generating and Deploying Debug Symbols with Microsoft Visual C++ 6.0



Dr. Mingw is a Just-in-Time (JIT) debugger. When the application throws an unhandled exception, Dr. Mingw attaches itself to the application and collects information about the exception, using the available debugging information.

GRINDER. I'm open sourcing a portion of my system for browser fuzzing called Grinder.


Comprised of two main components, many Grinder Nodes are set up to perform the fuzzing of various browsers, while a single Grinder Server collates the results and provides a simple web interface for managing a large number of crashes.

Apache Thrift.

Welcome to ZeroC, the Home of Ice.

Protobuf - Protocol Buffers - Google's data interchange format - Google Project Hosting.

What is it? Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats.

Welcome to Apache Avro!

BERT and BERT-RPC 1.0 Specification.

The MessagePack Project.


msgpack-pure 0.1.3

Msgpack/msgpack - GitHub.

Hooking the native API and controlling process creation on a system-wide basis. Introduction: Recently I came across the description of a quite interesting security product, called Sanctuary.

Hooking the native API and controlling process creation on a system-wide basis

This product prevents execution of any program that does not appear on the list of software that is allowed to run on a particular machine. As a result, the PC user is protected against various add-on spyware, worms and trojans - even if some piece of malware finds its way to his/her computer, it has no chance of being executed, and, hence, has no chance of causing any damage to the machine. Certainly, I found this feature interesting, and, after a bit of thinking, came up with my own implementation of it. Therefore, this article describes how process creation can be programmatically monitored and controlled on a system-wide basis by means of hooking the native API. This article makes a "bold" assumption that the target process is being created by user-mode code (shell functions, CreateProcess(), manual process creation as a sequence of native API calls, etc).

Detecting Windows NT/2K process execution. Abstract: Intercepting and tracing process execution is a very useful mechanism for implementing NT Task Manager-like applications and systems that require manipulation of external processes. Notifying interested parties upon the start of a new process is a classic problem in developing process monitoring systems and system-wide hooks. The Win32 API provides a set of great libraries (PSAPI and ToolHelp [1]) that allow you to enumerate the processes currently running in the system.