Full Disclosure mailing list archives

Re: MalBox Release! A Program Behavior Analysis System!
From: "-= Glowing Doom =-" <secn3t () gmail com>
Date: Sun, 15 May 2011 08:31:27 +1000

Very good question.. would be nice if the src was available, even as a web
based PHP script which could then be used locally, or even rented with a banner
to always show where it is from. That would be nice, but yeah, I doubt you're
gonna do that :P
Still, it would be nice to see what is behind it.. ie: honeypot system in
use, or sandbox model? Even if it is modified, at least it could tell us the
origins of the src, and if you guys coded it, I think you should get some
hints from shadowserver.de and honeypot.org, maybe look at some common
IDS/forensic srcs, and see what this problem about uploaded exes which are
not showing up in results is; that would be easy to debug if it is a communal
project, and you could only release the code to websites you approve of if
you want.
There are many avenues you guys could take this, but the first one is fixing
it so it is 100% browser friendly (EVEN with addon scripts people may use,
or at least show a warning/error msg to show what the person must do...)
Thank you guys, it still is a great project, I will support, but I hope it is
working today :)
xd



On 15 May 2011 08:24, Chris M <chris () nullroute net> wrote:

Yeah, and let's have some more info on the technology behind it :)

Open sauce?

Have you looked at any "enterprise" malware analysis platforms?

-C


On Sat, May 14, 2011 at 11:22 PM, -= Glowing Doom =- <secn3t () gmail com> wrote:

Hello ppl,
Same, I had uploaded a KNOWN infected exe, and it loaded the page, but then
returned nothing. Using Firefox 4 browser, yes, some script addons which
prevent crapware, but other than that, it should have been swift to respond
with a positive; it did nothing but load in the browser. Was a letdown, hope
you can get it to work cross browser, because it would be a very handy app for
sure
xd



On 15 May 2011 07:55, Chris M <chris () nullroute net> wrote:

Not convinced.

Tried to upload a few samples, "only support EXE files" ---- no DLLs? yet
you take URLs? only to exes?

The file I upped was a PE file. Just with a renamed extension.

Also submitted a couple of "known bad" files and got a list of tcp ports
back.... how is this operating? _SHARED_ sandbox?

What's it based on?

More information would be appreciated :)

-C

2011/5/13 CnCxzSec衰仔 <cncxzhack () gmail com>

[MalBox ASCII-art banner]

MalBox Release!! A Program Behavior Analysis System!

MalBox: A Program/Malware Behavior Analysis System, which is
able to analyze the local and network behaviors of a submitted malware,
including file/process/registry/network (IRC, HTTP, etc.) behaviors, and will
send the report to the submitter.

Welcome to use our MalBox: http://malbox.xjtu.edu.cn/

--------------------------------------
Malbox is always improving! If you want to contact us, send e-mail to
dflower.zs () gmail com
--------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




--
 I’m a hot-wired, heat seeking, warm-hearted cool customer, voice
activated and bio-degradable. I interface with my database, my database is
in cyberspace, so I’m interactive, I’m hyperactive and from time to time I’m
radioactive.
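Chris M's complaint above is that a renamed PE file was rejected by an extension check ("only support EXE files"). The following is an added example, not code from the thread or from the MalBox project, showing how a submission intake can classify a sample by its bytes (MZ stub, e_lfanew pointer, PE signature, COFF Characteristics) instead of trusting the file name. The function names, the constructed header bytes and the hypothetical submission names are assumptions made for this illustration; the flag values and offsets are those of the PE file format.

```python
import struct
from typing import Optional

# Real PE/COFF constants (Microsoft PE format specification).
IMAGE_FILE_DLL = 0x2000                # Characteristics bit set on DLL images
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002   # image is executable (not an object file)
IMAGE_FILE_32BIT_MACHINE = 0x0100      # 32-bit word machine
IMAGE_FILE_MACHINE_I386 = 0x014C       # Machine field value for x86


def classify_pe(data: bytes) -> Optional[str]:
    """Return 'exe', 'dll', or None when the bytes are not a PE image.

    Only the content is examined; the file name and its extension are
    deliberately ignored, so 'sample.txt' holding a PE is still recognised.
    """
    # DOS stub: 'MZ' magic at offset 0, e_lfanew (offset of PE header) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte 'PE\0\0' signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics sits 18 bytes into the COFF header, which follows the signature.
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def build_sample(is_dll: bool) -> bytes:
    """Constructed, minimal PE-shaped header used only as test input.

    It carries a DOS stub, a PE signature and a COFF header and nothing else,
    so it is not a runnable program, just enough for the intake check.
    """
    e_lfanew = 0x40
    dos_stub = bytearray(b"MZ" + b"\0" * 0x3E)          # 64-byte DOS header
    struct.pack_into("<I", dos_stub, 0x3C, e_lfanew)   # point at the PE header
    characteristics = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    if is_dll:
        characteristics |= IMAGE_FILE_DLL
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos_stub) + b"PE\0\0" + coff


def triage_submissions(submissions: dict) -> dict:
    """Map each submitted file name to the verdict an intake filter would give.

    'submissions' is {name: bytes}; the verdict is 'exe', 'dll' or 'rejected'.
    A DLL is accepted as a distinct kind rather than refused, which is the
    behaviour the thread asks for.
    """
    verdicts = {}
    for name, data in submissions.items():
        kind = classify_pe(data)
        verdicts[name] = kind if kind is not None else "rejected"
    return verdicts


if __name__ == "__main__":
    # Constructed submissions: names are hypothetical, contents come from build_sample().
    uploads = {
        "dropper.exe": build_sample(is_dll=False),
        "renamed_sample.txt": build_sample(is_dll=False),  # PE hiding behind .txt
        "plugin.dll": build_sample(is_dll=True),
        "notes.exe": b"plain text that merely ends in .exe",
    }
    for name, verdict in triage_submissions(uploads).items():
        print(f"{name:22s} -> {verdict}")
```

Running the block prints one verdict per constructed upload: the renamed PE is classified as "exe" despite its ".txt" name, the DLL is recognised as such, and the text file named ".exe" is rejected. An intake that works this way closes the gap Chris M describes without having to enumerate extensions.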