How Advanced Malware Bypasses Process Monitoring. Today, NSS Labs released a report detailing the performance of several vendors’ ability to detect advanced attacks. We declined to participate in this test because we believe the NSS methodology is severely flawed. In fact, the FireEye product they used was not even fully functional, leveraged an old version of our software and didn’t have access to our threat intelligence (unlike our customers). We did participate in the BDS test in 2013 and at that time we also commented on the flaws of the testing methodology. In fact, we insisted that the only way to properly test was to run in a REAL environment.

Pymsasid - A pure python disassembling library. Project description: Pym's is a pure python disassembly library. It is merely a port of udis86 to python.
At the moment it is a one-shot project.

Linux’s ptrace API sucks! I love Linux; as a developer, I find the tools available suit my style of work perfectly. Sometimes the tool that I want isn’t available. That’s OK though, because whenever I can, I try to contribute.

Cygwin-patches - Fix strace tracing of forked processes when attaching to a process with.

Linux Threads Through a Magnifier: Remote Threads. Source code for this article may be found here.
Sometimes a need may arise to start a thread in a separate process, and the need is not necessarily malicious. For example, one may want to replace library functions or to place some code between the executable and a library function.

Introducing_sulley. The sulley fuzzing framework! (A basic example walkthrough)

Control Flow Analysis.

Python testing frameworks: Make your life easy with a Python testing framework. The days of the Wild West are coming to their end in the world of Python testing. It was not many years ago that nearly every project built with Python seemed to have its own idioms and practices for writing and running tests. But now, the frontier is finally beginning to close. The community is rallying around a few leading solutions that are bringing convenience and common standards to the test suites of hundreds of popular projects. This is the first in a series of three articles that will serve as a guide to the new testing frameworks. In this article, you will be introduced to three popular testing frameworks and see the radically simpler test style that the newest generation of tools is encouraging.

Preferred Python unit-testing framework.

Installation and quick start — nose 1.2.1 documentation. Nose extends unittest to make testing easier.
On most UNIX-like systems, you’ll probably need to run these commands as root or using sudo. Install nose using setuptools/distribute, or pip. Or, if you don’t have setuptools/distribute installed, use the download link at right to download the source package, and install it in the normal fashion: ungzip and untar the source package, cd to the new directory, and install it. However, please note that without setuptools/distribute installed, you will not be able to use third-party nose plugins.

Helps you write better programs. A mature, full-featured Python testing tool: provides easy no-boilerplate testing and scales from simple unit to complex functional testing.

PyUnit - the standard unit testing framework for Python.

CR tools - CRIU. CRIU is a utility to checkpoint/restore a process tree.
Tools installation. Get the latest release: criu-1.2.tar.bz2 (released 26 Feb 2014; changes: git commit v1.2).

Another bottle at sea: building with Scons & MSVC8 using PCH with PDB and /Zi. Some notes concerning my current attempts to evaluate Scons 1.2 for my needs, to replace my 'pure' Visual Studio solution builds. After trying to automatically convert my solutions to Scons scripts, which did not work at all, I decided to start from scratch. I easily got the bare build and link done on one of my modules, and I tried to gradually introduce 'features' in my build: namely precompiled header (PCH) support and debug information generation.

Generating and Deploying Debug Symbols with Microsoft Visual C++ 6.0. Shaun Miller, Microsoft Corporation, July 2000. Summary: This article discusses the process of generating debug symbols in order to locate problems in your application.
DrMingw (EXCHNDL.DLL). Dr. Mingw is a Just-in-Time (JIT) debugger. When the application throws an unhandled exception, Dr. Mingw attaches itself to the application and collects information about the exception, using the available debugging information.

GRINDER. I'm open sourcing a portion of my system for browser fuzzing called Grinder. It is comprised of two main components: many Grinder Nodes are set up to perform the fuzzing of various browsers, while a single Grinder Server collates the results and provides a simple web interface for managing a large number of crashes. A few screenshots should give you the gist of things...

Apache Thrift.

Welcome to ZeroC, the Home of Ice.

Protobuf - Protocol Buffers - Google's data interchange format - Google Project Hosting. What is it? Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats.

Welcome to Apache Avro!

BERT and BERT-RPC 1.0 Specification.

The MessagePack Project.

Msgpack-pure 0.1.3.

Msgpack/msgpack - GitHub.

Hooking the native API and controlling process creation on a system-wide basis.
Introduction. Recently I came across the description of a quite interesting security product, called Sanctuary. This product prevents execution of any program that does not appear on the list of software that is allowed to run on a particular machine. As a result, the PC user is protected against various add-on spyware, worms and trojans - even if some piece of malware finds its way to his/her computer, it has no chance of being executed, and, hence, has no chance of causing any damage to the machine. Certainly, I found this feature interesting, and, after a bit of thinking, came up with my own implementation of it. Therefore, this article describes how process creation can be programmatically monitored and controlled on a system-wide basis by means of hooking the native API.

Detecting Windows NT/2K process execution.