[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] iDEFENSE Labs Releases Malcode Analyst Pack

iDEFENSE Labs has released a new open source package related to
malicious code analysis which is available for download from:


Authored by David Zimmer, the Malcode Analyst Pack contains the
following GUI driven utilities:

FakeDNS    - A minimal DNS server allowing the user to have all DNS
             queries resolve to a predefined IP.

IDCDumpFix - This tool can be used to associate API names to IAT
             addresses for IDA disassemblies of raw memory dumps. Fast,
             simple technique to get a readable disassembly for
             arbitrarily packed executables.

MailPot    - A small lab-quality tool for capturing e-mails sent out by
             trojans and mass mailers.

SCLog      - Shellcode research and testing application that loads and
             executes shellcode within the context of an API hooking
             framework. Provides a runtime output log of APIs called
             while blocking certain dangerous functions. (Not for use
             outside of lab VM environments).

ShellExt   - This utility adds three shell extensions to the Windows
             Explorer right-click context menu:

             1) "Decompile" context menu item is added for CHM files.

             2) "Strings" context menu is added for all files. This
                 feature extracts all ASCII and Unicode strings from the
                 specified file and displays the results in a popup

             3) "Hash Files" context menu is added for all folders. This
                 feature displays the name, size and MD5 hash of all
                 files in the specified folder in a popup form.

SniffHit   - A lightweight specialized HTTP/IRC sniffer designed to
             extract target communication data and present it in an
             easily viewable (and copy-able) interface.

SocketTool - A graphical TCP Client designed to allow the user to easily
             send text or binary data to a server, probing for

More information and source code are available in the bundled install

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/