From: Justin Ferguson (jnferguson@gmail.com)
Date: Thu Jul 28 2005 - 20:44:53 EDT
If you are using Windows, then IDA; if you are using Unix, then
objdump. You do not need a sandbox, you just need to know how to read
assembly.
On 7/28/05, Todd Towles <toddtowles@brookshires.com> wrote:
> A bit off-topic, but I would look into VMware. There are several Linux
> tools that will work the same as well. A separate OS environment would
> be very helpful in your new interest. Plus, it is very easy to go back
> to a fresh OS state after a malware-analysis session.
>
> > -----Original Message-----
> > From: Erin Carroll [mailto:amoeba@amoebazone.com]
> > Sent: Thursday, July 28, 2005 11:45 AM
> > To: pen-test@securityfocus.com
> > Subject: Exploit package analysis
> >
> > All,
> >
> > Some of the fun of moderating this list is getting a wide
> > exposure to aspects of pen-testing I have yet to tackle. One
> > thing managing the list has prompted me to explore is
> > exploit/code package analysis... thanks to all the spam I get
> > to sift through :)
> >
> > In addition to worrying about my poker game, manly endowment
> > & performance, and Rolex collection (once I get money from my
> > friends in Nigeria), I get a lot of spams with attachments,
> > usually .zip, that are obviously malware that I'd like to
> > open up safely and see how they tick. I'm hoping to pick up
> > some interesting pen-test techniques by looking at the
> > current state of malware exploits to see how they
> > work/reproduce/hide at the system level. While most of them I
> > assume will be run-of-the-mill spambot or zombie generators,
> > there's always a chance of running across a 0-day in the wild.
> >
> > My question to all of you is what are some basic sandbox
> > tools you would recommend to pursue this? Does anyone work in
> > a similar vein and has the experience been helpful in your
> > pen-testing work?
> >
> >
> > --
> > Erin Carroll
> > "Do Not Taunt Happy-Fun Ball"
> >
> >
>
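Justin's point above is that a suspicious attachment can be inspected statically, without ever running it. As an added example that is not part of this thread (my code, not Justin's, Todd's or Erin's), the following Python script does a minimal static triage of a .zip attachment entirely in memory: it records each member's size and SHA-256, checks the leading magic bytes for known executable formats, flags "double extension" names like photo.jpg.exe, skips oversized members (a cheap guard against decompression bombs), and pulls out printable strings the way the strings(1) tool would. The archive and its contents are constructed inline and are not real malware; the file names, the size cap and the magic table are my own choices.

```python
import hashlib
import io
import re
import zipfile

# Leading bytes of a few executable formats (real magic values).
MAGICS = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
}

# Extensions that Windows will execute when double-clicked.
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".dll")

# Refuse to inflate members larger than this (assumed cap, guards against zip bombs).
MAX_MEMBER_BYTES = 5 * 1024 * 1024


def build_sample_zip() -> bytes:
    """Constructed sample attachment: a fake PE-style blob (just an 'MZ' header,
    padding and a few printable strings) plus a harmless text file. Not malware."""
    fake_exe = (
        b"MZ" + b"\x90" * 60
        + b"This program cannot be run in DOS mode\x00"
        + b"http://example.invalid/update\x00"
        + b"\x00" * 20
        + b"Mozilla/4.0 (compatible; MSIE 6.0)\x00"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg.exe", fake_exe)
        zf.writestr("readme.txt", "open the photo!\n")
    return buf.getvalue()


def printable_strings(data: bytes, min_len: int = 6):
    """Runs of printable ASCII of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage_zip(zip_bytes: bytes):
    """Inspect every member of the archive in memory; nothing is written to
    disk or executed. Returns one dict per member."""
    report = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            entry = {
                "name": name,
                "size": info.file_size,
                "double_extension": name.lower().endswith(EXEC_SUFFIXES) and name.count(".") > 1,
            }
            if info.file_size > MAX_MEMBER_BYTES:
                # Do not inflate it at all; the declared size alone is the finding.
                entry.update(skipped=True, magic="not read", sha256=None, strings=[])
            else:
                data = zf.read(name)
                entry.update(
                    skipped=False,
                    sha256=hashlib.sha256(data).hexdigest(),
                    magic=next((v for k, v in MAGICS.items() if data.startswith(k)), "unknown"),
                    strings=printable_strings(data),
                )
            entry["suspicious"] = (
                entry["skipped"] or entry["magic"] != "unknown" or entry["double_extension"]
            )
            report.append(entry)
    return report


if __name__ == "__main__":
    for e in triage_zip(build_sample_zip()):
        flag = "SUSPICIOUS" if e["suspicious"] else "ok"
        digest = (e["sha256"] or "")[:16]
        print(f"{flag:10} {e['name']}  {e['magic']}  {e['size']} bytes  sha256={digest}...")
        for s in e["strings"]:
            print("    str:", s)
```

The strings and hashes this produces are the starting point for the reading Justin describes: the hash goes to whatever reputation source you trust, the strings hint at URLs, registry paths or API names worth looking for in the disassembly, and only then does objdump or IDA come into play. Because the archive is never extracted to disk and no member is executed, this step is safe to run on the mail host itself.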
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:40 EDT