Here are links to the tools that I talked about. Thanks to everyone who came and thanks to Bluelock once again for hosting.
Reverse Engineering Malware Cheat Sheet
http://www.zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
Ollydbg
http://www.ollydbg.de/
OllyDump, to find the OEP and dump the process from memory
http://www.openrce.org/downloads/details/108/OllyDump
Hide from IsDebuggerPresent in OllyDbg
http://www.openrce.org/downloads/details/111/IsDebuggerPresent
upx
http://upx.sourceforge.net/
un_fsg
http://programmerstools.org/node/208
PEiD
http://www.peid.info/
PEiD plug-ins
http://www.peid.info/BobSoft/Plugins.html
Volatility
https://www.volatilesystems.com/default/volatility
Volatility plug-ins
http://www.forensicswiki.org/wiki/List_of_Volatility_Plugins
ManTech Memory Dump
http://sourceforge.net/project/showfiles.php?group_id=228865
HBGary FastDump
http://www.hbgary.com/products-services/fastdump-pro/
Wednesday, March 18, 2009
Friday, March 13, 2009
March IndySec
March IndySec time!
Brian Carter will be presenting "Unpacking Malware, tools and techniques for analyzing encrypted and compressed malicious binaries."
The March IndySec will be hosted at the Bluelock data center. The facility is top-notch and includes a training area, perfect for our event.
Date: 3/18 (Wednesday, not the usual Thursday)
Time: 6:30 PM
Location: 6325 Morenci Tr., Indianapolis, IN 46268 (Google map here)
Food: We will order pizza after everyone arrives.
We have a great speaker at a great location - see you there.
-Steve