Category Archives: Tools

Dealing with pcaps in windows using Fiddler/FiddlerCore

Many a times when we receive a pcap(especially exploit packs pcaps) for malware analysis purpose we had to do lot of manual work to load it in Fiddler and extract the objects and analyze those. While using windows, i depend … Continue reading

Posted in Malware, Malware Analyzer, Tools, Web, Windows | Tagged , , , , , , | Leave a comment

MITM Gmail SMTP STARTTLS Traffic in LAB machines

During auditing we may face with the challenge of MITM Gmail SMTP STARTTLS traffic to retrieve the email content/credentials. Most of the .Net programs does NOT allow connecting to a Secure server using a self-signed certificates. I used starttls-mitm (https://github.com/ipopov/starttls-mitm) … Continue reading

Posted in .Net, Google, Malware Analyzer, Tools, Windows | Tagged , , , | 1 Comment

pcap2file using Suricata in windows/linux

There is no easy way to automatically extract the files from the PCAP(not PCAP-NG). We can use Suricata to extract the files (atleast whatever files transferred over HTTP). Here are the steps to configure and extract the files from the … Continue reading

Posted in Tools, Web, Windows | Tagged , , , , , | 1 Comment

Decode “Attributes/FileAttributes” value in ProcMon output

The procmon output shows some shortcut for “Attributes” value. Something like this in the picture down. This value is(Attributes: ANCI) generated out of the value “FileAttributes” variable. Here is the direct mapping. #define FILE_ATTRIBUTE_READONLY                              0x00000001  -> R#define FILE_ATTRIBUTE_HIDDEN                                     0x00000002  -> … Continue reading

Posted in Tools | Tagged , | 1 Comment

tcpreplay for windows (using scapy-python)

Running tcpreplay in windows is a tedious job. As far as I have searched, I couldn’t able to find any tcpreplay binary that runs in windows(newer) or an alternative. We need to compile the tcpreplay source code using cygwin and … Continue reading

Posted in Pentest, Tools, Windows | Tagged , , , , , , , , , | 6 Comments

cuckoo

With the release of new Cuckoo, i wanted to check the features provided by Cuckoo.Just releasing the details i have collected. For those who don’t know much about Cuckoo, it is a malware analysis framework. Cuckoo can be used to … Continue reading

Posted in Internals, Malware, Malware Analyzer, Tools, Windows | Tagged , , , , | Leave a comment

Tools to analyze SWF file during Penetration Testing

HP SWFScan:http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/SWFScan-FREE-Flash-decompiler/ba-p/5440167 swftools:http://www.swftools.org/ Adobe SWF Investigator:http://labs.adobe.com/downloads/swfinvestigator.html

Posted in Tools | Tagged | Leave a comment