Penetration Testing
mailing list archives
Re: Analize Virus
From: "Andre' - SemperSecurus" <sempersecurus () gmail com>
Date: Thu, 2 Aug 2007 11:39:38 -0400
My $.02
For static or code analysis, I use IDAPro or Ollydbg as well as good
old 'strings' and 'objdump'. I've also been starting to play with PE
Explorer lately.
For dynamic studies, I'll run wireshark on my host system and use a
combo of Winalysis, Process Explorer, filemon, and fport. Lately, I've
been kicking SysAnalyzer around a bit.
Keep in mind, more and more malware is becoming VMware-aware, so a
hardware solution such as a CoreRestore card might be a good
investment.
In general:
Behavioral Analysis:
Wireshark
Process Monitor
Process Explorer
FileMon
RegMon
TCPView
Winalysis
SysAnalyzer
Snort
tcpdump
Static Analysis:
AV Scanners
IDA Pro
Ollydbg
strings
Various unpackers
PE Explorer
LordPE
Google
HTH
On 7/31/07, Rafa Richart <Rafa () ontinet com> wrote:
Hi Pals,
we're looking for some tools to analyze the malware behavior. We have a lab under construction, but we need some advice
on what tools we have to use: tools to see what has been changing in the registry, stat connections, etc...
Any help is welcome.
Thanks in advance
Rafa
--
Andre' M. Di Mino - SemperSecurus
The Shadowserver Foundation
http://www.shadowserver.org
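The "behavioral analysis" tools in the list above (Winalysis, SysAnalyzer, and to a degree Process Monitor) share one underlying technique: record a baseline of the system before the sample runs, record it again afterwards, and report the difference. The script below is an added example of that snapshot-and-diff approach, not code from the list post or from any of the tools named; it hashes every file under a directory tree, runs a constructed stand-in for "the sample" (a function that drops, edits and deletes files in a temporary directory, not real malware), and reports what changed.

```python
"""Baseline-and-diff filesystem snapshot: the core idea behind tools such as
Winalysis. Added example; the 'sample' is a constructed stand-in that only
touches a temporary directory."""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    size: int
    sha256: str


def snapshot(root):
    """Map every regular file under root (path relative to root) to its size and SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            state[rel] = Entry(os.path.getsize(full), h.hexdigest())
    return state


def diff(before, after):
    """Compare two snapshots; a file counts as modified when size or hash differs."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def constructed_sample(root):
    """Stand-in for 'run the sample': drops a file, appends to one, deletes one."""
    with open(os.path.join(root, "dropped.dll"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62)  # constructed bytes, not a real PE
    with open(os.path.join(root, "config.ini"), "a") as fh:
        fh.write("run=1\n")
    os.remove(os.path.join(root, "readme.txt"))


def run_demo():
    """Build a small constructed tree, take the before/after snapshots, return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        seed = (
            ("config.ini", "x=0\n"),
            ("readme.txt", "hi\n"),
            (os.path.join("sub", "keep.log"), "ok\n"),
        )
        for rel, data in seed:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(data)
        before = snapshot(root)
        constructed_sample(root)
        after = snapshot(root)
        return diff(before, after)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind:9s} {paths}")
```

In practice the baseline is taken over the whole system volume (or a clean VM snapshot), and the same diff logic is applied to an exported registry hive or a `netstat` listing captured before and after the run. Hashing rather than trusting timestamps matters because a sample can reset modification times on the files it touches.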