Penetration Testing mailing list archives

Re: Analyze Virus
From: "Jason Ross" <algorythm () gmail com>
Date: Wed, 1 Aug 2007 00:03:42 -0400

On 7/31/07, Rafa Richart <Rafa () ontinet com> wrote:

> We're looking for some tools to analyze malware behavior. We have
> a lab under construction, but we need some advice on which tools we
> should use: tools to see what has been changing in the registry, the
> state of connections, etc.

I've found VMware Server (the free version) to be especially useful
for this purpose.

I use "What Changed" (which is available from [among other places]
http://majorgeeks.com/What_Changed_d5018.html ) to compare files and
registry hives which have changed, and have had decent results with it.

I have heard good things about the "RegShot" app
( http://majorgeeks.com/RegShot_d965.html ) but haven't used it myself.

Of course, Wireshark is essential (in my opinion), as are the various
utilities previously offered from Sysinternals (now Microsoft) ...
in particular I find PsTools and TCPView to be very handy.
The collection of these is at the TechNet site:
http://www.microsoft.com/technet/sysinternals/default.mspx

You also may find it useful to have some form of disassembler/debugger.
I am fond of OllyDbg for this purpose, which is available at
http://www.ollydbg.de

It's probably worth noting that the craftier malware authors are
beginning to check to see if they are running in a VMware environment.
Accordingly it may be useful to take some countermeasures to that if
possible. See http://isc.sans.org/diary.html?storyid=1871 for some
information on this.

Regards,
--
Jason Ross
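The before/after comparison that What Changed and RegShot perform is simple enough to script yourself, which is handy when you want the diff in a form you can grep or feed into other tooling. The following is an added example written for this archive page; it is not code from the post above, from RegShot, or from What Changed. It parses two regedit / `reg export` dumps into dictionaries, reports added and removed keys and added, removed and changed values, and reuses the same comparison on a hashed file tree so file drops and modifications show up the same way. The two `.reg` texts, the `sample_svc` service key, the `C:\WINDOWS\Temp\svchost.exe` path and the `demo_tree_diff` scratch directory are all constructed sample data, not observations from any real sample.

```python
"""Before/after snapshot diffing of the registry and a file tree, the job
RegShot and What Changed do in a malware lab.  Added example; not code
from the mailing-list post.  All sample .reg data below is constructed."""
import hashlib
import os
import re
import tempfile
from typing import Dict

Snapshot = Dict[str, Dict[str, str]]  # registry key or file path -> {name: data}

# "name"=data, or @=data for a key's default value.  Value names may contain
# escaped quotes, so match the quoted name rather than splitting on '='.
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg_export(text: str) -> Snapshot:
    """Parse regedit / 'reg export' text into {key: {name: raw data}}.
    Data is kept verbatim (quoted strings, dword:..., hex(2):...) so every
    change is visible; a trailing backslash continues hex data to the next line."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)  # fold continuation lines
    snapshot: Snapshot = {}
    current = None
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            snapshot.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "(Default)" if m.group(1) is None else m.group(1)
        snapshot[current][name] = m.group(2).strip()
    return snapshot


def load_reg_export(path: str) -> Snapshot:
    """'reg export' writes UTF-16 with a BOM; decode it as such."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg_export(fh.read())


def snapshot_tree(root: str) -> Snapshot:
    """Hash every file under root so file changes diff like registry values."""
    snap: Snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = {
                "sha256": digest, "size": str(os.path.getsize(full))}
    return snap


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, list]:
    """RegShot-style comparison: added/removed keys, added/removed/changed values."""
    out: Dict[str, list] = {k: [] for k in ("keys_added", "keys_removed",
                            "values_added", "values_removed", "values_changed")}
    for key in sorted(set(before) | set(after)):
        b, a = before.get(key), after.get(key)
        if b is None:
            out["keys_added"].append(key)
            b = {}
        if a is None:
            out["keys_removed"].append(key)
            a = {}
        for name in sorted(set(a) - set(b)):
            out["values_added"].append((key, name, a[name]))
        for name in sorted(set(b) - set(a)):
            out["values_removed"].append((key, name, b[name]))
        for name in sorted(set(a) & set(b)):
            if a[name] != b[name]:
                out["values_changed"].append((key, name, b[name], a[name]))
    return out


# Constructed sample exports: after running the sample, a Run entry appeared,
# a policy value flipped, and a new service key was created.
BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"""

AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"svchost"="C:\\WINDOWS\\Temp\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sample_svc]
@="sample service"
"ImagePath"=hex(2):43,00,3a,00,5c,00,\
  00,00
"Start"=dword:00000002
"""


def demo_tree_diff() -> Dict[str, list]:
    """Snapshot a scratch tree (constructed), modify it, and diff the hashes."""
    with tempfile.TemporaryDirectory() as root:
        hosts = os.path.join(root, "hosts")
        with open(hosts, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        before = snapshot_tree(root)
        with open(hosts, "a") as fh:
            fh.write("127.0.0.1 update.example.invalid\n")
        with open(os.path.join(root, "dropped.dll"), "wb") as fh:
            fh.write(b"MZ")
        return diff_snapshots(before, snapshot_tree(root))


if __name__ == "__main__":
    report = diff_snapshots(parse_reg_export(BEFORE), parse_reg_export(AFTER))
    for section, items in report.items():
        print(section)
        for item in items:
            print("   ", item)
```

In practice you would run `reg export HKLM before.reg` (and HKCU) on the clean guest, take the VM snapshot, detonate the sample, export again and call `load_reg_export` on each file; `snapshot_tree` over the system drive before and after gives the file side of the picture. Take the "before" snapshots after the machine has settled, since Windows itself rewrites plenty of keys and files in the background and that noise otherwise drowns the sample's changes.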
