How Advanced Malware Bypasses Process Monitoring
pymsasid is a pure python disassembly library. It is merely a port of udis86 to python. At the moment it is a one-shot project. pymsasid - A pure python disassembling library
I love Linux; as a developer, I find the tools available suit my style of work perfectly. Sometimes the tool that I want isn’t available. That’s OK though, because whenever I can, I try to contribute. Linux’s ptrace API sucks! | Evan Teran’s Blog
On Tue, Sep 13, 2011 at 01:04:55PM +0100, Jon TURNEY wrote: cygwin-patches - Fix strace tracing of forked processes when attaching to a process with --pid
Source code for this article may be found here. Sometimes a need may arise to start a thread in a separate process, and the need is not necessarily malicious. For example, one may want to replace library functions or to place some code between the executable and a library function. Linux Threads Through a Magnifier: Remote Threads
The sulley fuzzing framework! (A basic example walkthrough)
Control Flow Analysis
Python testing frameworks: Make your life easy with a Python testing framework. The days of the Wild West are coming to their end in the world of Python testing. It was not many years ago that nearly every project built with Python seemed to have its own idioms and practices for writing and running tests. But now, the frontier is finally beginning to close.
Preferred Python unit-testing framework
Installation and quick start — nose 1.2.1 documentation nose extends unittest to make testing easier.
A mature, full-featured Python testing tool: provides easy no-boilerplate testing; scales from simple unit to complex functional testing; helps you write better programs.
PyUnit - the standard unit testing framework for Python
criu is a utility to checkpoint/restore a process tree. CR tools - CRIU
another bottle at sea: building with Scons & MSVC8 using PCH with PDB and /Zi Some notes concerning my current attempts to evaluate Scons 1.2 for my needs to replace my 'pure' Visual Studio solution builds. After trying to automatically convert my solutions to Scons scripts, which did not work at all, I decided to start from scratch. I easily got the bare build and link done on one of my modules. And I tried to gradually introduce 'features' in my build: namely Precompiled header (PCH) support, and Debug information generation.
Shaun Miller Microsoft Corporation July 2000 Summary: This article discusses the process of generating debug symbols in order to locate problems in your application. (7 printed pages) Generating and Deploying Debug Symbols with Microsoft Visual C++ 6.0
DrMingw (EXCHNDL.DLL) Dr. Mingw is a Just-in-Time (JIT) debugger. When the application throws an unhandled exception, Dr. Mingw attaches itself to the application and collects information about the exception, using the available debugging information.
I'm open sourcing a portion of my system for browser fuzzing called Grinder. Comprised of two main components, many Grinder Nodes are set up to perform the fuzzing of various browsers while a single Grinder Server will collate the results and provide a simple web interface for managing a large number of crashes. A few screenshots should give you the gist of things... GRINDER
Welcome to ZeroC, the Home of Ice
protobuf - Protocol Buffers - Google's data interchange format - Google Project Hosting. What is it? Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Latest updates: http://protobuf.googlecode.com/svn/trunk/CHANGES.txt
BERT and BERT-RPC 1.0 Specification
msgpack-pure 0.1.3 (Python Package Index)
msgpack/msgpack - GitHub
Introduction Recently I came across the description of a quite interesting security product called Sanctuary. This product prevents execution of any program that does not appear on the list of software allowed to run on a particular machine. As a result, the PC user is protected against various add-on spyware, worms and trojans: even if some piece of malware finds its way onto the computer, it cannot be executed and hence cannot damage the machine. I found this feature interesting and, after a bit of thinking, came up with my own implementation of it. Therefore, this article describes how process creation can be programmatically monitored and controlled on a system-wide basis by means of hooking the native API. Hooking the native API and controlling process creation on a system-wide basis
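The interposition pattern that article relies on, as an added example that is not the article's own code: the real hook replaces the process-creation entry in the kernel's system service table with a function that checks policy and then either denies the call or forwards it to the saved original. This user-mode C simulation stands a hypothetical one-slot dispatch table (`service_table`) and a hypothetical `real_create_process` in for the native service so the control flow can be exercised without a driver; the allowlist and the image paths are constructed sample data.

```c
/* Added example: user-mode simulation of an allowlist hook on a
 * process-creation service. Everything here is hypothetical stand-in code;
 * no kernel structures or real NT API calls are involved. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef long NTSTATUS_SIM;
#define STATUS_SUCCESS_SIM        0L
#define STATUS_ACCESS_DENIED_SIM  (-1073741790L)   /* 0xC0000022 as signed 32-bit */

/* Hypothetical service: "create a process from this image path". */
typedef NTSTATUS_SIM (*create_process_fn)(const char *image_path);

static int processes_created;   /* how many calls reached the "real" service */

/* Stand-in for the original kernel service the hook forwards to. */
static NTSTATUS_SIM real_create_process(const char *image_path) {
    (void)image_path;
    processes_created++;
    return STATUS_SUCCESS_SIM;
}

/* Simulated system service table: one slot, the process-creation service. */
static create_process_fn service_table[1] = { real_create_process };
static create_process_fn original_create_process;   /* saved at hook install */

/* Constructed sample policy: image paths allowed to run. */
static const char *allowed_images[] = {
    "C:\\Windows\\System32\\notepad.exe",
    "C:\\Program Files\\Tools\\editor.exe",
};

/* Case-insensitive path comparison that treats '/' and '\\' alike, so the
 * same file spelled two ways does not slip past the policy. */
static int path_equal_ci(const char *a, const char *b) {
    for (; *a && *b; a++, b++) {
        unsigned char ca = (unsigned char)*a, cb = (unsigned char)*b;
        if (ca == '/') ca = '\\';
        if (cb == '/') cb = '\\';
        if (tolower(ca) != tolower(cb)) return 0;
    }
    return *a == '\0' && *b == '\0';
}

int image_allowed(const char *image_path) {
    size_t i;
    for (i = 0; i < sizeof allowed_images / sizeof allowed_images[0]; i++)
        if (path_equal_ci(image_path, allowed_images[i])) return 1;
    return 0;
}

/* The hook: runs before the original service and denies unlisted images. */
static NTSTATUS_SIM hooked_create_process(const char *image_path) {
    if (!image_allowed(image_path)) {
        fprintf(stderr, "blocked: %s\n", image_path);
        return STATUS_ACCESS_DENIED_SIM;
    }
    return original_create_process(image_path);
}

/* Save the original table entry, then overwrite it with the hook. */
void install_hook(void) {
    original_create_process = service_table[0];
    service_table[0] = hooked_create_process;
}

/* What the process-creation path would invoke: whatever sits in the table. */
NTSTATUS_SIM create_process(const char *image_path) {
    return service_table[0](image_path);
}

int processes_created_so_far(void) { return processes_created; }

/* Restore the unhooked state (used to rerun the demonstration). */
void reset_simulation(void) {
    service_table[0] = real_create_process;
    original_create_process = NULL;
    processes_created = 0;
}

int main(void) {
    reset_simulation();
    install_hook();
    printf("%ld\n", create_process("C:\\Windows\\System32\\notepad.exe"));
    printf("%ld\n", create_process("C:\\Users\\bob\\Downloads\\dropper.exe"));
    return 0;
}
```

Path equality is the weakest possible policy: any file can be renamed to notepad.exe, so a real product compares a hash or signature of the image rather than its name, and a kernel hook must also survive concurrent calls while the table entry is swapped, which this single-threaded simulation ignores.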
Detecting Windows NT/2K process execution