Category Archives: Tools

Dealing with pcaps in windows using Fiddler/FiddlerCore

Many times when we receive a pcap (especially exploit pack pcaps) for malware analysis purposes we have to do a lot of manual work to load it in Fiddler, extract the objects and analyze them. While using Windows, I depend …

Posted in Malware, Malware Analyzer, Tools, Web, Windows

MITM Gmail SMTP STARTTLS Traffic in LAB machines

During auditing we may face the challenge of MITMing Gmail SMTP STARTTLS traffic to retrieve the email content/credentials. Most .Net programs do NOT allow connecting to a secure server using a self-signed certificate. I used starttls-mitm (https://github.com/ipopov/starttls-mitm) …

Posted in .Net, Google, Malware Analyzer, Tools, Windows

pcap2file using Suricata in windows/linux

There is no easy way to automatically extract the files from a PCAP (not PCAP-NG). We can use Suricata to extract the files (at least whatever files were transferred over HTTP). Here are the steps to configure and extract the files from the …

Posted in Tools, Web, Windows

Decode “Attributes/FileAttributes” value in ProcMon output

The ProcMon output shows a shorthand for the "Attributes" value, something like the picture below. This value (Attributes: ANCI) is generated from the "FileAttributes" variable. Here is the direct mapping.

#define FILE_ATTRIBUTE_READONLY 0x00000001 -> R
#define FILE_ATTRIBUTE_HIDDEN   0x00000002 -> …

Posted in Tools

tcpreplay for windows (using scapy-python)

Running tcpreplay on Windows is a tedious job. As far as I have searched, I couldn't find any tcpreplay binary that runs on (newer) Windows, or an alternative. We need to compile the tcpreplay source code using Cygwin and …

Posted in Pentest, Tools, Windows

cuckoo

With the release of the new Cuckoo, I wanted to check the features provided by Cuckoo. Just releasing the details I have collected. For those who don't know much about Cuckoo, it is a malware analysis framework. Cuckoo can be used to …

Posted in Internals, Malware, Malware Analyzer, Tools, Windows

Tools to analyze SWF file during Penetration Testing

HP SWFScan: http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167
swftools: http://www.swftools.org/
Adobe SWF Investigator: http://labs.adobe.com/downloads/swfinvestigator.html

Posted in Tools

Tools

Tools I use:
1. Source Navigator
2. Understand C++
3. Astyle
4. Axman
5. My own tool to keep track of the audit information.
6. Microsoft Visual Studio 2010 Documentation
7. Doxygen
8. PVS Studio
9. IDA Pro
10. CodeLite

Posted in Tools

Script to automatically extract the IDL from the installation folder.

Auditing an application is a mixture of source code analysis and binary analysis. When you audit a new application, it is good to know the COM interfaces in the application. I extract the MSI/zip files into a folder and …

Posted in COM, ole, python, Tools