Software analysis tools
iDefense Labs have some nice GPL tools for monitoring what software gets up to on the Windows platform.
SysAnalyzer is an automated malcode run time analysis application that monitors various aspects of system and process states.
The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis:
• ShellExt - 4 explorer shell extensions
• socketTool - manual TCP client for probing functionality
• MailPot - mail server capture pot
• fakeDNS - spoofs DNS responses to controlled IPs
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in an exe husk
• GdiProcs - detect hidden processes
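As an added illustration of what a fakeDNS-style lab resolver has to do (this is example code written for this page, not iDefense's fakeDNS), the block below parses a raw DNS query, answers every A/IN question with a fixed sandbox address so a sample's call-outs land on a host you control, and logs the name that was asked for. The sandbox address, port and the domain used in the self-test are constructed values, not anything from the original tool.

```python
import socket
import struct

# Constructed: the lab host that all A-record answers will point at.
SANDBOX_IP = "10.0.0.1"


def parse_query(packet: bytes):
    """Return (txid, qname, qtype, qclass, question_bytes) from a raw DNS query.

    Only single-question queries with an uncompressed name are accepted,
    which is what a stub resolver on the analysis box will send.
    """
    txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off = 12
    labels = []
    while True:
        length = packet[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name not supported")
        labels.append(packet[off:off + length].decode("ascii"))
        off += length
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    off += 4
    return txid, ".".join(labels), qtype, qclass, packet[12:off]


def build_response(query: bytes, answer_ip: str, ttl: int = 60) -> bytes:
    """Build a spoofed response: A/IN questions get answer_ip, anything else
    gets a NOERROR reply with no answer records."""
    txid, _qname, qtype, qclass, question = parse_query(query)
    flags = 0x8180  # QR=1, RD=1, RA=1, RCODE=0
    if qtype == 1 and qclass == 1:
        ancount = 1
        rr = (b"\xc0\x0c"  # name: compression pointer to the question at offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)
              + socket.inet_aton(answer_ip))
    else:
        ancount = 0
        rr = b""
    header = struct.pack("!6H", txid, flags, 1, ancount, 0, 0)
    return header + question + rr


def encode_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    """Constructed helper: build the query a resolver would send, for testing."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)


def serve(bind: str = "127.0.0.1", port: int = 5353) -> None:
    """Answer queries forever; point the analysis VM's DNS at this host."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, addr = sock.recvfrom(512)
        try:
            resp = build_response(data, SANDBOX_IP)
            qname = parse_query(data)[1]
        except (ValueError, IndexError):
            continue  # malformed packet: ignore rather than crash the resolver
        print(f"{addr[0]} asked for {qname} -> {SANDBOX_IP}")
        sock.sendto(resp, addr)


if __name__ == "__main__":
    serve()
```

Run it on the sandbox's gateway and set the VM's resolver to that address; the printed log of requested names is usually the first useful indicator you get from a sample, even before it manages to connect anywhere.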
HookExplorer is a small utility designed to scan a target
process and identify any user land hooks that may be installed
by unknown code.
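The core of what a user-land hook scanner like HookExplorer checks is simple to show on byte strings: take the prologue of an exported function as it appears on disk, take the same bytes from the live process, and flag any mismatch, classifying the common trampoline shapes. The block below is an added example written for this page, not HookExplorer's code; it works on constructed byte strings rather than reading process memory, and the function name, base address and prologue bytes are made-up sample data.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class HookFinding:
    function: str
    kind: str
    target: Optional[int]  # resolved jump target where the trampoline shape allows it


def detect_inline_hook(name: str, clean: bytes, live: bytes, base: int) -> Optional[HookFinding]:
    """Compare the on-disk prologue (clean) with the in-memory one (live).

    base is the function's virtual address in the process, needed to resolve
    a relative jump into an absolute target. Returns None when unmodified.
    """
    if live[:len(clean)] == clean:
        return None
    if len(live) >= 5 and live[0] == 0xE9:  # jmp rel32
        rel = struct.unpack("<i", live[1:5])[0]
        return HookFinding(name, "jmp rel32", (base + 5 + rel) & 0xFFFFFFFFFFFFFFFF)
    if len(live) >= 6 and live[:2] == b"\xFF\x25":  # jmp [rip+disp32] (x64) / jmp [abs32] (x86)
        disp = struct.unpack("<i", live[2:6])[0]
        return HookFinding(name, "jmp indirect", disp)
    if len(live) >= 6 and live[0] == 0x68 and live[5] == 0xC3:  # push imm32; ret
        return HookFinding(name, "push/ret", struct.unpack("<I", live[1:5])[0])
    return HookFinding(name, "modified prologue", None)


def scan_exports(exports: Dict[str, Tuple[int, bytes, bytes]]) -> List[HookFinding]:
    """exports maps name -> (base address, on-disk prologue, in-memory prologue)."""
    findings = []
    for name, (base, clean, live) in exports.items():
        f = detect_inline_hook(name, clean, live, base)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample: an x64 syscall stub (mov r10,rcx ; mov eax,imm32) that is
# intact for one export and overwritten with a jmp rel32 for another.
CLEAN_STUB = b"\x4c\x8b\xd1\xb8\x3c\x00\x00\x00"
HOOK_BASE = 0x7FF800001000
HOOK_TARGET = 0x7FF800005000
HOOKED_STUB = b"\xe9" + struct.pack("<i", HOOK_TARGET - (HOOK_BASE + 5)) + CLEAN_STUB[5:]

SAMPLE_EXPORTS = {
    "NtSampleA": (0x7FF800000100, CLEAN_STUB, CLEAN_STUB),
    "NtSampleB": (HOOK_BASE, CLEAN_STUB, HOOKED_STUB),
}


def sample_findings() -> List[HookFinding]:
    return scan_exports(SAMPLE_EXPORTS)


if __name__ == "__main__":
    for f in sample_findings():
        tgt = f"-> {f.target:#x}" if f.target is not None else ""
        print(f"{f.function}: {f.kind} {tgt}")
```

In a real scanner the clean bytes come from mapping the DLL from disk and the live bytes from ReadProcessMemory on the target; the comparison and classification logic is unchanged. A jump target that resolves outside any loaded module is the case that most deserves a closer look.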
Multipot is an emulation-based honeypot designed to capture malicious
code which spreads through various exploits across the net. Design
specifications for this project mandated that the captures be done in
such a way that the host machine would require only minimal
supervision and would not itself risk getting infected. Multipot was
designed to emulate exploitable services to safely collect malicious
code.