New Tools from Imperva ADC

From: Imperva Application Defense Center (adc@imperva.com)
Date: Mon May 10 2004 - 16:08:27 EDT


Dear List,

Imperva(tm)'s Application Defense Center has released two new security
testing tools. These tools are aimed at testing Client-Server
applications, where the Client's behavior needs to be analyzed.

The first tool, Dl-Hell, easily identifies DLLs called by an executable
or another DLL. This can be useful for identifying a DLL that is related
to security calls, which can then be replaced by a DLL created by the
tester. The second tool, PassLoc, allows graphically locating the
existence of an encryption key inside an executable file (based on Adi
Shamir's "Playing hide and seek with encryption keys").

The tools can be obtained at the following URLs:
   PassLoc: http://www.imperva.com/adc/tools/passloc
   DlHell: http://www.imperva.com/adc/tools/dlhell

Both tools were created by Moran Surf, an Application Security Expert in
Imperva's ADC.

Detailed Description of the Tools:
=================================
Dl-Hell:
-------
The Dl-Hell tool is an easy-to-use tool for identifying an executable's
dynamic link library (DLL) files, and their relations. Given an
executable, the tool returns a list of possible DLL files that it uses,
including the functions within those that it calls, and possibly the
type of parameters they receive (this depends on the type of export the
DLL files implement). Dl-Hell is a useful tool for locating calls to
external DLLs in applications that use those for security measurement.
For example, an application that does its encryption operation using one
of those DLLs, or an application that performs its authentication checks
in an external DLL. Dl-Hell can be scaled to become a tool for replacing
those DLLs with different ones, thus overriding operations in
executables. All of this is done without the sources.

PassLoc:
-------
Based on Adi Shamir's "Playing hide and seek with encryption keys"
article, which suggests a way for locating keys within a buffer (memory,
large file, etc.). The PassLoc tool accepts a file as input and returns
a graphical plot of its content where the most random part of the file
is colored. The article suggests that due to the random nature of long
keys put in non-random files, the human eye can easily distinguish the
key given a sufficiently long file.

---
Imperva's Application Defense Center
http://www.imperva.com/adc
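
The idea behind the PassLoc description above, as an added example that is not PassLoc's code and not part of the original post: a sliding-window scan that scores each region of a buffer by randomness and reports the most random one, which is how an auditor can check a build for embedded key material. Byte-level Shannon entropy, the 64-byte window, the 16-byte step and the constructed sample buffer (including the name `CheckLicense`) are all assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def entropy_profile(data: bytes, window: int = 64, step: int = 16):
    """(offset, entropy) for each sliding window across the buffer."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, step)]

def most_random_window(data: bytes, window: int = 64, step: int = 16):
    """Offset and entropy of the highest-entropy window."""
    return max(entropy_profile(data, window, step), key=lambda p: p[1])

def text_plot(profile, width: int = 40):
    """One bar per window, scaled to 8 bits/byte; a terminal stand-in for a plot."""
    return [f"{off:6d} {ent:4.2f} " + "#" * round(ent / 8 * width)
            for off, ent in profile]

def build_sample():
    """Constructed input: repetitive filler with 128 pseudo-random bytes inside."""
    filler = b"push ebp; mov ebp, esp; call CheckLicense; ret; " * 40
    # SHA-256 output stands in for key bytes so the sample is reproducible.
    key = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))
    key_offset = 1024
    return filler[:key_offset] + key + filler[key_offset:], key_offset, len(key)

if __name__ == "__main__":
    data, key_offset, key_len = build_sample()
    print("\n".join(text_plot(entropy_profile(data))))
    off, ent = most_random_window(data)
    print(f"highest-entropy window at offset {off} ({ent:.2f} bits/byte); "
          f"constructed key occupies {key_offset}..{key_offset + key_len - 1}")
```

Compressed or encrypted sections of a real executable also score high, so a hit marks a region to inspect rather than a confirmed key.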