Category Archives: Tools
Dealing with pcaps in windows using Fiddler/FiddlerCore
Many a time when we receive a pcap (especially an exploit-pack pcap) for malware analysis, we have to do a lot of manual work to load it into Fiddler, extract the objects and analyze them. On Windows, I depend …
Posted in Malware, Malware Analyzer, Tools, Web, Windows
Tagged Extract files from Pcap, Fiddler, Fiddler Automation, FiddlerCore, pcap, PCAP to File, pcap2saz
MITM Gmail SMTP STARTTLS Traffic in LAB machines
During an audit we may face the challenge of MITMing Gmail SMTP STARTTLS traffic to retrieve the email content/credentials. Most .Net programs do NOT allow connecting to a secure server using a self-signed certificate. I used starttls-mitm (https://github.com/ipopov/starttls-mitm) …
Posted in .Net, Google, Malware Analyzer, Tools, Windows
Tagged MITM Gmail, MITM Gmail SMTP, MITM SMTP, MITM SMTP STARTTLS
pcap2file using Suricata in windows/linux
There is no easy way to automatically extract the files from a PCAP (not PCAP-NG). We can use Suricata to extract the files (at least those transferred over HTTP). Here are the steps to configure Suricata and extract the files from the …
Posted in Tools, Web, Windows
Tagged Extract files from Pcap, File extraction from PCAP in windows, pcap, PCAP to File, pcap2file, Suricata
Decode “Attributes/FileAttributes” value in ProcMon output
The ProcMon output abbreviates the "Attributes" value into a few letters, for example "Attributes: ANCI" in the screenshot. Those letters are derived from the bits of the "FileAttributes" value. Here is the direct mapping: #define FILE_ATTRIBUTE_READONLY 0x00000001 -> R, #define FILE_ATTRIBUTE_HIDDEN 0x00000002 -> …
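The following decoder is an added example and not code from the post. The bit values are the FILE_ATTRIBUTE_* constants from winnt.h; the letters R and H are the two the post gives, while the other letter codes (A, N, C, I, and the rest) are assumptions chosen to match the "ANCI" sample, so check them against your own ProcMon output before relying on them. It decodes a FileAttributes DWORD into ProcMon-style letters, converts letters back to the numeric value (useful when filtering exported CSV logs), and pulls the token out of a Detail cell.

```python
"""Decode Process Monitor's abbreviated 'Attributes' letters back to FileAttributes bits."""
import re
from typing import List, Optional

# Bit values are the FILE_ATTRIBUTE_* constants from winnt.h. The letters R and H are
# the two given in the post; the remaining letters are assumptions for this example,
# chosen to match the "ANCI" sample (Archive, Normal, Compressed, not content Indexed).
_FLAGS = (
    (0x00000001, "R",  "FILE_ATTRIBUTE_READONLY"),
    (0x00000002, "H",  "FILE_ATTRIBUTE_HIDDEN"),
    (0x00000004, "S",  "FILE_ATTRIBUTE_SYSTEM"),
    (0x00000010, "D",  "FILE_ATTRIBUTE_DIRECTORY"),
    (0x00000020, "A",  "FILE_ATTRIBUTE_ARCHIVE"),
    (0x00000080, "N",  "FILE_ATTRIBUTE_NORMAL"),
    (0x00000100, "T",  "FILE_ATTRIBUTE_TEMPORARY"),
    (0x00000200, "SP", "FILE_ATTRIBUTE_SPARSE_FILE"),
    (0x00000400, "RP", "FILE_ATTRIBUTE_REPARSE_POINT"),
    (0x00000800, "C",  "FILE_ATTRIBUTE_COMPRESSED"),
    (0x00001000, "O",  "FILE_ATTRIBUTE_OFFLINE"),
    (0x00002000, "I",  "FILE_ATTRIBUTE_NOT_CONTENT_INDEXED"),
    (0x00004000, "E",  "FILE_ATTRIBUTE_ENCRYPTED"),
)
_BIT_BY_LETTER = {letter: bit for bit, letter, _ in _FLAGS}
# Try two-letter codes before single letters so "RP" is not read as R + P.
_TOKENS = sorted(_BIT_BY_LETTER, key=len, reverse=True)


def decode_attributes(value: int) -> str:
    """0x28A0 -> 'ANCI'. Bits without a letter stay visible as [0x...] instead of being dropped."""
    letters, unknown = [], value
    for bit, letter, _ in _FLAGS:
        if value & bit:
            letters.append(letter)
            unknown &= ~bit
    if unknown:
        letters.append(f"[0x{unknown:X}]")
    return "".join(letters)


def attribute_names(value: int) -> List[str]:
    """The FILE_ATTRIBUTE_* names set in `value`, lowest bit first."""
    return [name for bit, _, name in _FLAGS if value & bit]


def encode_attributes(letters: str) -> int:
    """Inverse of decode_attributes: 'ANCI' -> 0x28A0. ProcMon prints 'n/a' when the
    call supplied no attributes; that is treated as 0."""
    letters = letters.strip()
    if not letters or letters.lower() == "n/a":
        return 0
    value, i = 0, 0
    while i < len(letters):
        for tok in _TOKENS:
            if letters.startswith(tok, i):
                value |= _BIT_BY_LETTER[tok]
                i += len(tok)
                break
        else:
            raise ValueError(f"unknown attribute code at {letters[i:]!r}")
    return value


_ATTR_RE = re.compile(r"Attributes:\s*([A-Za-z/]+)")


def attributes_from_detail(detail: str) -> Optional[int]:
    """Pull the Attributes token out of a ProcMon 'Detail' cell and return its numeric value."""
    m = _ATTR_RE.search(detail)
    return encode_attributes(m.group(1)) if m else None


# Constructed sample Detail cell (not taken from the post's screenshot).
SAMPLE_DETAIL = ("Desired Access: Generic Read, Disposition: Open, Attributes: ANCI, "
                 "ShareMode: Read, OpenResult: Opened")

if __name__ == "__main__":
    v = attributes_from_detail(SAMPLE_DETAIL)
    print(f"0x{v:08X} -> {decode_attributes(v)} = {', '.join(attribute_names(v))}")
```

Unknown bits are rendered as a bracketed hex value rather than silently dropped, so a flag you have not mapped (or a value ProcMon prints differently than assumed here) shows up immediately instead of being mistaken for a clean decode.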
tcpreplay for windows (using scapy-python)
Running tcpreplay on Windows is a tedious job. As far as I have searched, I could not find a tcpreplay binary that runs on (newer) Windows, or an alternative. We would need to compile the tcpreplay source code using Cygwin and …
Posted in Pentest, Tools, Windows
Tagged build tcpreplay for windows, pcap, Penetration Testing, pentest, python, read pcap, scapy, send pcap, tcpreplay for windows, Windows
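As an added example (not the post's script, which uses scapy), here is the core of a tcpreplay substitute in plain Python with no third-party modules: a reader for the classic pcap format that handles both byte orders and the nanosecond variant, rejects pcap-ng and corrupt records, and a replayer that preserves the original inter-packet gaps scaled by a multiplier like tcpreplay's -x. The sender is injected as a callable, so the same code drives a Linux AF_PACKET socket, scapy's sendp on Windows (Npcap/WinPcap), or a test collector. The sample frames and the Ethernet-only raw sender are constructed for this example and are assumptions.

```python
"""Minimal pcap (not pcap-ng) reader and timing-preserving replayer, stdlib only."""
import socket
import struct
import time
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

# Magic number as read little-endian -> (struct byte order of the file, ticks per second).
_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}
_PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # Section Header Block type of pcap-ng
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    ts: float        # capture time, seconds since the epoch
    data: bytes      # captured bytes (shorter than orig_len if snaplen cut the frame)
    orig_len: int


@dataclass
class Capture:
    linktype: int
    snaplen: int
    packets: List[Packet]


def read_pcap(blob: bytes) -> Capture:
    """Parse a classic pcap file held in memory; rejects pcap-ng and corrupt records."""
    if blob[:4] == _PCAPNG_MAGIC:
        raise ValueError("pcap-ng input; convert first (e.g. editcap -F pcap)")
    if len(blob) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic not in _MAGICS:
        raise ValueError(f"unknown pcap magic 0x{magic:08X}")
    order, ticks = _MAGICS[magic]
    _, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(order + "IHHiIII", blob[:24])
    packets, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + "IIII", blob[off:off + 16])
        off += 16
        # A record claiming more bytes than remain, or more than were on the wire, is
        # corrupt: stop here rather than replaying garbage onto the network.
        if incl_len > orig_len or off + incl_len > len(blob):
            raise ValueError(f"corrupt record at offset {off - 16}")
        packets.append(Packet(ts_sec + ts_frac / ticks, blob[off:off + incl_len], orig_len))
        off += incl_len
    return Capture(linktype, snaplen, packets)


def write_pcap(frames: Sequence[Tuple[float, bytes]], linktype: int = LINKTYPE_ETHERNET,
               order: str = "<", snaplen: int = 65535) -> bytes:
    """Serialise (timestamp, frame) pairs as a microsecond-resolution pcap."""
    out = [struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for ts, data in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out.append(struct.pack(order + "IIII", sec, usec, len(data), len(data)) + data)
    return b"".join(out)


def replay(capture: Capture, send: Callable[[bytes], None], multiplier: float = 1.0,
           sleep: Callable[[float], None] = time.sleep) -> int:
    """Hand each frame to `send`, keeping the original inter-packet gaps divided by
    `multiplier` (like tcpreplay -x); multiplier 0 sends as fast as possible."""
    prev = None
    for pkt in capture.packets:
        if prev is not None and multiplier > 0:
            gap = (pkt.ts - prev) / multiplier
            if gap > 0:
                sleep(gap)
        send(pkt.data)
        prev = pkt.ts
    return len(capture.packets)


def raw_sender(iface: str) -> Callable[[bytes], None]:
    """Linux AF_PACKET sender for Ethernet captures (needs root). On Windows, pass
    scapy's sendp(frame, iface=..., verbose=False) instead, backed by Npcap/WinPcap."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)  # type: ignore[attr-defined]
    sock.bind((iface, 0))
    return sock.send


# Constructed sample frames (not from the post): Ethernet II headers with dummy payloads.
FRAME_A = bytes.fromhex("ffffffffffff 001122334455 0800") + b"A" * 30
FRAME_B = bytes.fromhex("001122334455 ffffffffffff 0800") + b"B" * 40
SAMPLE_PCAP = write_pcap([(1700000000.0, FRAME_A), (1700000000.5, FRAME_B)])

if __name__ == "__main__":
    cap = read_pcap(SAMPLE_PCAP)
    sent = replay(cap, lambda frame: print(f"would send {len(frame)} bytes"), multiplier=0)
    print(f"replayed {sent} frames, linktype {cap.linktype}")
```

Replacing the print lambda with `raw_sender("eth0")` (or scapy's `sendp`) turns this into a working replay; the reader is deliberately strict because a truncated or hand-edited capture that parses "mostly" is exactly what ends up spraying half-frames onto a lab network.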
cuckoo
With the release of the new Cuckoo, I wanted to check the features Cuckoo provides. I am just releasing the details I have collected. For those who don't know much about Cuckoo, it is a malware analysis framework. Cuckoo can be used to …
Posted in Internals, Malware, Malware Analyzer, Tools, Windows
Tagged cuckoo, Malware Analysis, Malware Analysis automation, Malware Analyzer, VirusTotal
Tools to analyze SWF file during Penetration Testing
- HP SWFScan: http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167
- swftools: http://www.swftools.org/
- Adobe SWF Investigator: http://labs.adobe.com/downloads/swfinvestigator.html
Tools
Tools I use:
1. Source Navigator
2. Understand C++
3. Astyle
4. Axman
5. My own tool to keep track of the audit information
6. Microsoft Visual Studio 2010 Documentation
7. Doxygen
8. PVS Studio
9. IDA Pro
10. CodeLite
Script to automatically extract the IDL from the installation folder.
Auditing an application is a mixture of source code analysis and binary analysis. When you are auditing a new application, it is good to know the COM interfaces it exposes. I extract the MSI/zip files into a folder and …