
How Advanced Malware Bypasses Process Monitoring

Today, NSS Labs released a report detailing the performance of several vendors' ability to detect advanced attacks. We declined to participate in this test because we believe the NSS methodology is severely flawed. In fact, the FireEye product they used was not even fully functional, leveraged an old version of our software and didn't have access to our threat intelligence (unlike our customers). We did participate in the BDS test in 2013 and at that time we also commented on the flaws of the testing methodology.

Pymsasid - A pure python disassembling library

Linux's ptrace API sucks!

I love Linux; as a developer, I find the tools available suit my style of work perfectly. Sometimes the tool that I want isn't available.

cygwin-patches - Fix strace tracing of forked processes when attaching to a process with

On Tue, Sep 13, 2011 at 01:04:55PM +0100, Jon TURNEY wrote: Looks good. Please check in.

Linux Threads Through a Magnifier: Remote Threads

Source code for this article may be found here. Sometimes a need may arise to start a thread in a separate process, and the need is not necessarily malicious. For example, one may want to replace library functions or to place some code between the executable and a library function. However, Linux does not provide a system call that would do anything similar to the CreateRemoteThread Windows API, despite the fact that I see people searching for such functionality.

Introducing_sulley

The sulley fuzzing framework! (A basic example walkthrough)

Control Flow Analysis

Python testing frameworks : Make your life easy with a Python testing framework

The days of the Wild West are coming to their end in the world of Python testing. It was not many years ago that nearly every project built with Python seemed to have its own idioms and practices for writing and running tests. But now the frontier is finally beginning to close. The community is rallying around a few leading solutions that are bringing convenience and common standards to the test suites of hundreds of popular projects. This is the first in a series of three articles that will serve as a guide to the new testing frameworks. In this article, you will be introduced to three popular testing frameworks and see the radically simpler test style that the newest generation of tools is encouraging.

Preferred Python unit-testing framework

Installation and quick start — nose 1.2.1 documentation

Nose extends unittest to make testing easier. On most UNIX-like systems, you'll probably need to run these commands as root or using sudo. Install nose using setuptools/distribute, or with pip. Or, if you don't have setuptools/distribute installed, use the download link at right to download the source package and install it in the normal fashion: ungzip and untar the source package, cd to the new directory, and install it. However, please note that without setuptools/distribute installed, you will not be able to use third-party nose plugins. This will install the nose libraries as well as the nosetests script, which you can use to automatically discover and run tests. Now you can run tests for your project.

helps you write better programs

A mature, full-featured Python testing tool.
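As an added example (not code from the article above, nor from the nose, pytest or unittest projects), here is one small function tested in both of the styles those entries contrast: the class-based unittest/PyUnit style with setUp and self.assert* methods, and the plain module-level test functions that nose and pytest discover by their test_ prefix. The function under test, safe_join, is hypothetical and was chosen because path-traversal checks are a classic place where a missing test hides a bug: the base path /srv/app is made up and need not exist, and the sibling-prefix case (/srv/appx "starts with" /srv/app) is the one a naive startswith check gets wrong.

```python
"""Two Python test styles side by side: unittest classes vs plain functions."""
import os
import unittest
from os.path import commonpath


def safe_join(base: str, user_path: str) -> str:
    """Join an untrusted relative path onto base, refusing anything that escapes it.

    Hypothetical helper written for this example. Raises ValueError for
    '..' traversal, absolute paths, and sibling directories whose name merely
    shares a string prefix with base (/srv/appx is not inside /srv/app).
    """
    base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole path components, unlike str.startswith
    if commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base: {user_path!r}")
    return candidate


class SafeJoinTest(unittest.TestCase):
    """unittest / PyUnit style: a TestCase subclass, setUp, self.assert* methods."""

    def setUp(self):
        self.base = "/srv/app"  # made-up base directory, does not need to exist

    def test_plain_relative_path_is_kept(self):
        self.assertEqual(safe_join(self.base, "docs/readme.txt"),
                         "/srv/app/docs/readme.txt")

    def test_dotdot_escape_is_rejected(self):
        with self.assertRaises(ValueError):
            safe_join(self.base, "../etc/passwd")

    def test_sibling_prefix_is_rejected(self):
        # /srv/appx starts with the string /srv/app but is not inside it
        with self.assertRaises(ValueError):
            safe_join(self.base, "../appx/secret")


# nose / pytest style: module-level functions named test_*, bare assert.
# (pytest.raises / nose.tools.assert_raises would replace the try/except,
# but are avoided here so the file runs without either package installed.)
def test_absolute_path_is_rejected():
    try:
        safe_join("/srv/app", "/etc/passwd")
    except ValueError:
        return
    raise AssertionError("absolute path was accepted")


def test_inner_dotdot_that_stays_inside_is_fine():
    assert safe_join("/srv/app", "files/../report.txt") == "/srv/app/report.txt"


def run_unittest_suite() -> bool:
    """Run the class-style tests programmatically; True if every test passed."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(SafeJoinTest)
    result = unittest.TextTestRunner(verbosity=0).run(suite)
    return result.wasSuccessful()


if __name__ == "__main__":
    # `python this_file.py` runs only the TestCase; `nosetests` or `pytest`
    # run in this directory would discover and run both styles.
    unittest.main()
```

Running the file directly exercises only the TestCase, because unittest.main() knows nothing about bare functions; nosetests and pytest collect both the class and the test_ functions, which is the convenience the article is pointing at.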

PyUnit - the standard unit testing framework for Python

CR tools - CRIU

CRIU is a utility to checkpoint/restore a process tree. Tools installation: get the latest release.

another bottle at sea: building with Scons & MSVC8 using PCH with PDB and /Zi

Some notes concerning my current attempts to evaluate Scons 1.2 for my needs, to replace my 'pure' Visual Studio solution builds. After trying to automatically convert my solutions to Scons scripts, which did not work at all, I decided to start from scratch. I easily got the bare build and link done on one of my modules.

Generating and Deploying Debug Symbols with Microsoft Visual C++ 6.0

Shaun Miller, Microsoft Corporation, July 2000. Summary: This article discusses the process of generating debug symbols in order to locate problems in your application.

DrMingw (EXCHNDL.DLL)

Dr. Mingw is a Just-in-Time (JIT) debugger. When the application throws an unhandled exception, Dr. Mingw attaches itself to the application and collects information about the exception, using the available debugging information.

GRINDER

I'm open sourcing a portion of my system for browser fuzzing called Grinder. Comprised of two main components, many Grinder Nodes are set up to perform the fuzzing of various browsers while a single Grinder Server collates the results and provides a simple web interface for managing a large number of crashes. A few screenshots should give you the gist of things...

Apache Thrift

Welcome to ZeroC, the Home of Ice

Protobuf - Protocol Buffers - Google's data interchange format - Google Project Hosting

What is it? Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats.

Welcome to Apache Avro!

BERT and BERT-RPC 1.0 Specification

The MessagePack Project

Msgpack-pure 0.1.3
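For the Protocol Buffers entry above, an added example (written for this page, not code from the protobuf project or its Python package) that implements the wire format the description alludes to: base-128 varints, zigzag for signed fields, and tags of the form (field_number << 3) | wire_type followed by a varint, fixed-width or length-prefixed payload. The sample message is constructed here; the max_len cap on length-delimited fields is an assumption added so that a hostile length prefix cannot claim more bytes than the buffer holds. Unknown field numbers are kept rather than rejected, which is the property that makes the format "extensible".

```python
"""Minimal Protocol Buffers wire-format encoder/decoder with bounds checks."""
import struct
from typing import List, Tuple

VARINT, FIXED64, LENGTH_DELIMITED, FIXED32 = 0, 1, 2, 5
MAX_VARINT_BYTES = 10  # a 64-bit value never needs more than 10 base-128 bytes


def encode_varint(value: int) -> bytes:
    """Little-endian base-128: low 7 bits per byte, MSB set means more follow."""
    if value < 0:
        value &= (1 << 64) - 1  # negative int32/int64 go out as 10-byte two's complement
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """Return (value, new_pos); reject truncated or over-long varints."""
    result = shift = 0
    for i in range(MAX_VARINT_BYTES):
        if pos + i >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos + i]
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return result, pos + i + 1
    raise ValueError("varint longer than 10 bytes")


def zigzag_encode(value: int) -> int:
    """sint32/sint64 mapping so small negatives stay short: -1 -> 1, 1 -> 2."""
    return (value << 1) ^ (value >> 63)


def zigzag_decode(value: int) -> int:
    return (value >> 1) ^ -(value & 1)


def encode_field(field_number: int, wire_type: int, value) -> bytes:
    """Tag varint = (field_number << 3) | wire_type, then the payload."""
    if not 1 <= field_number <= (1 << 29) - 1:
        raise ValueError("field number out of range")
    tag = encode_varint((field_number << 3) | wire_type)
    if wire_type == VARINT:
        return tag + encode_varint(value)
    if wire_type == FIXED64:
        return tag + struct.pack("<Q", value)
    if wire_type == FIXED32:
        return tag + struct.pack("<I", value)
    if wire_type == LENGTH_DELIMITED:
        payload = value.encode("utf-8") if isinstance(value, str) else bytes(value)
        return tag + encode_varint(len(payload)) + payload
    raise ValueError(f"unsupported wire type {wire_type}")


def encode_message(fields) -> bytes:
    return b"".join(encode_field(n, t, v) for n, t, v in fields)


def decode_message(buf: bytes, max_len: int = 1 << 20) -> List[Tuple[int, int, object]]:
    """Parse into (field_number, wire_type, raw value) triples.

    Unknown fields are kept (extensibility); every length is checked against
    the remaining input so a hostile length prefix cannot read past the buffer.
    """
    pos, fields = 0, []
    while pos < len(buf):
        tag, pos = decode_varint(buf, pos)
        field_number, wire_type = tag >> 3, tag & 7
        if field_number == 0:
            raise ValueError("field number 0 is illegal")
        if wire_type == VARINT:
            value, pos = decode_varint(buf, pos)
        elif wire_type == FIXED64:
            if pos + 8 > len(buf):
                raise ValueError("truncated fixed64")
            (value,) = struct.unpack_from("<Q", buf, pos)
            pos += 8
        elif wire_type == FIXED32:
            if pos + 4 > len(buf):
                raise ValueError("truncated fixed32")
            (value,) = struct.unpack_from("<I", buf, pos)
            pos += 4
        elif wire_type == LENGTH_DELIMITED:
            length, pos = decode_varint(buf, pos)
            if length > max_len or pos + length > len(buf):
                raise ValueError(f"length {length} exceeds remaining input")
            value = bytes(buf[pos:pos + length])
            pos += length
        else:
            raise ValueError(f"unsupported wire type {wire_type} at offset {pos}")
        fields.append((field_number, wire_type, value))
    return fields


def demo() -> bytes:
    """Constructed sample: int32 a=150, string b='testing', sint32 c=-1, fixed32 d."""
    return encode_message([
        (1, VARINT, 150),
        (2, LENGTH_DELIMITED, "testing"),
        (3, VARINT, zigzag_encode(-1)),
        (4, FIXED32, 0xDEADBEEF),
    ])


if __name__ == "__main__":
    wire = demo()
    print(wire.hex())
    for number, wtype, raw in decode_message(wire):
        print(number, wtype, raw)
```

The decoder only recovers field numbers and wire types; mapping field 3 back to a signed value (zigzag_decode) or field 2 to a UTF-8 string needs the schema, which the wire format deliberately does not carry. That is also why fuzzing a protobuf consumer should target the schema-aware layer as well as this framing layer.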

Msgpack/msgpack - GitHub

Hooking the native API and controlling process creation on a system-wide basis

Introduction: Recently I came across the description of a quite interesting security product, called Sanctuary. This product prevents execution of any program that does not appear on the list of software that is allowed to run on a particular machine.

Detecting Windows NT/2K process execution

Abstract: Intercepting and tracing process execution is a very useful mechanism for implementing NT Task Manager-like applications and systems that require manipulations of external processes.