mailing list archives
New Tools from Imperva ADC
From: "Imperva Application Defense Center" <adc () imperva com>
Date: Mon, 10 May 2004 22:05:25 +0200
Imperva(tm)'s Application Defense Center has released two new security
testing tools. These tools are aimed at testing of Client-Server
applications, where the Client behavior's needs to be analyzed.
The first tool, Dl-Hell, easily identifies DLL's called by an executable
or another DLL. This can be useful for identifying a dll that is related
to security calls, which can then be replaced by a DLL created by the
tester. The second tool, PassLoc, allows graphically locating the
existance of an encryption key inside an executable file (based on Adi
Shamir's "Playing hide and seek with encryption keys").
The tools can be obtained in the following URL's:
Both tools were created by Moran Surf, an Application Security Expert in
Detailed Description of the Tools:
The Dl-Hell tool is an easy to use tool for identifying an executable's
dynamic link library (DLL) files, and their relations. Given an
executable, the tool returns a list of possible DLL files that it uses,
including the functions within those that it calls, and possibly the
type of parameters they receive (this depends on the type of export the
DLL files implement). Dl-Hell is a useful tool for locating calls to
external DLLs in applications that use those for security measurement.
For example, an application that does its encryption operation using one
of those DLLs, or an application that performs its authentication checks
in an external DLL. Dl-Hell can be scaled to become a tool for replacing
those DLLs with different ones, thus overriding operations in
executables. All of this is done without the sources.
Based on Adi Shamir's "Playing hide and seek with encryption keys"
article, which suggests a way for locating keys within a buffer (memory,
large file, etc.). The PassLoc tool accepts a file as input and returns
a graphical plot of its content where the most random part of the file
is colored. The article suggests that due to the random nature of long
keys put in non-random files, the human eye can easily distinguish the
key given a sufficiently long file.
Imperva's Application Defense Center
- New Tools from Imperva ADC Imperva Application Defense Center (May 11)