Re[2]: Analize Virus

From: Rafa Richart (Rafa@ontinet.com)
Date: Fri Aug 03 2007 - 07:59:52 EDT


Thanks very much to all the people who have answered my question; now I have a lot of information.

Best regards

On Thursday, 02 August 2007
at 17:39, wrote:

AS> My $.02

AS> For static or code analysis, I use IDAPro or Ollydbg as well as good
AS> old 'strings' and 'objdump', I've also been starting to play with PE
AS> Explorer lately.

AS> For dynamic studies, I'll run wireshark on my host system and use a
AS> combo of Winalysis, Process Explorer, filemon, and fport. Lately, I've
AS> been kicking SysAnalyzer around a bit.

AS> Keep in mind, more and more malware is becoming VMware aware, so a
AS> hardware solution such as a CoreRestore card might be a good
AS> investment.

AS> In general:

AS> Behavioral Analysis:
AS> Wireshark
AS> Process Monitor
AS> Process Explorer
AS> FileMon
AS> RegMon
AS> TCPView
AS> Winalysis
AS> SysAnalyzer
AS> Snort
AS> tcpdump

AS> Static Analysis:
AS> AV Scanners
AS> IDA Pro
AS> Ollydbg
AS> strings
AS> Various unpackers
AS> PE Explorer
AS> LordPE
AS> Google

AS> HTH

AS> On 7/31/07, Rafa Richart <Rafa@ontinet.com> wrote:

>> Hi Pals,

>> We're looking for some tools to analyze malware behavior. We have a lab under construction, but we need some advice on which tools we should use: tools to see what has been changing in the registry, stat connections, etc...

>> Any help is welcome.

>> Thanks in advance

>> Rafa


-- 
Regards,
Technical Department
Ontinet.com, S.L.
http://www.protegerse.com
----------------------------------------------------------------------------
Security news, virus data, alerts, hoaxes
Visit our Encyclopedia: http://www.enciclopediavirus.com
----------------------------------------------------------------------------
***
Message written with The Bat! version 3.95.8
Dated Friday, 03 August 2007 at 13:55
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
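The behavioral tools quoted above (Winalysis, SysAnalyzer, RegMon/FileMon) all rest on the same idea: snapshot the system, run the sample, snapshot again, diff. The following is an added example of that baseline-diff approach for a directory tree; it is not code from the list or from any of the tools named, and its scenario is a constructed temporary directory standing in for the lab machine, with the "sample" simulated by plain file edits.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

def snapshot(root: str) -> Dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256."""
    state: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # hash real content only; symlinks/devices are skipped
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = digest.hexdigest()
    return state

def diff(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify changes between two snapshots; the same shape works for registry values or sockets."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def _write(path: str, data: bytes) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a temp dir is the lab box; a simulated sample drops, tampers and deletes."""
    with tempfile.TemporaryDirectory() as lab:
        _write(os.path.join(lab, "system", "hosts"), b"127.0.0.1 localhost\n")
        _write(os.path.join(lab, "readme.txt"), b"clean baseline\n")
        before = snapshot(lab)  # baseline taken before running anything
        # Simulated effects of the sample: drop a file, tamper with hosts, delete a file.
        _write(os.path.join(lab, "system", "dropped.dll"), b"MZ constructed stub")
        _write(os.path.join(lab, "system", "hosts"), b"127.0.0.1 localhost\n0.0.0.0 update.example\n")
        os.remove(os.path.join(lab, "readme.txt"))
        after = snapshot(lab)  # second snapshot after the run
    return diff(before, after)

if __name__ == "__main__":
    print(demo())
```

On a real lab box the same diff would be fed from a registry walk and a netstat-style socket listing, which is exactly the information the original question asked for.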


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:59 EDT