So a coworker turned me on to REMnux, a Linux build for reversing malware. It has a ton of good tools (including my favorite, Volatility) and a few tools for PDF analysis. You can even set up INetSim to simulate the common internet services, point your victim box at it, and see how the bad code acts. *HINT* It helps to configure your IP address right; 'almost' only counts in horseshoes and hand grenades....
I have not done much PDF analysis besides executing it in a VM and watching it run... so I figure this may be a source for an upcoming video. I have been reading Didier Stevens' work on it, and it's amazing how much you can learn about a file... by simply looking at it. That sounds silly, but most people are nervous about attacking a file in this manner (I won't understand it / I am not a programmer / I need answers fast), when in reality, with the tools at your disposal, it can be a good quick-n-dirty way of determining whether a PDF is indeed malicious and what it is potentially doing, thus finding your vulnerability. Heck, you may get SO good at it that you write your own tool! That is not to say that you will understand ALL PDFs that cross your path, but everyone is learning... so don't be afraid to ask questions!
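To show what "just looking at the file" buys you, here is a small keyword-triage script in the spirit of pdfid. It is an added example written for this post, not Didier Stevens' code and not a REMnux tool: it counts the PDF names that usually deserve a second look (/JavaScript, /OpenAction, /Launch, and so on), decodes hex-escaped names such as /J#61vaScript so obfuscated keywords are not missed, and turns the counts into plain-English findings. The sample PDF bytes and the file name in the usage block are constructed for the demonstration.

```python
"""Quick-n-dirty static triage of a PDF: count suspicious names and structure tokens.
Added example for this post; not pdfid and not part of REMnux."""
import re
import sys

# Names that commonly warrant a closer look during triage.
SUSPICIOUS_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/RichMedia", "/XFA", "/JBIG2Decode", "/ObjStm",
)
# Structure tokens; mismatched obj/endobj counts hint at a malformed or truncated file.
STRUCTURE_TOKENS = ("obj", "endobj", "stream", "endstream", "xref", "trailer", "startxref")

# PDF names may hex-escape any character: /J#61vaScript is the same name as /JavaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Decode #XX escapes so obfuscated names are counted alongside plain ones."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Return keyword and structure-token counts for the raw bytes of a PDF."""
    normalized = normalize_names(data)
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # Require the name to end cleanly so /JS does not also match /JSX-style names.
        pattern = re.compile(re.escape(name.encode()) + rb"(?![A-Za-z0-9_])")
        counts[name] = len(pattern.findall(normalized))
    for tok in STRUCTURE_TOKENS:
        # Letters on either side are excluded, so "obj" inside "endobj" is not counted.
        pattern = re.compile(rb"(?<![A-Za-z])" + tok.encode() + rb"(?![A-Za-z])")
        counts[tok] = len(pattern.findall(normalized))
    # Heuristic: any #XX escape in the raw file (can also fire inside stream data).
    counts["obfuscated_names"] = len(_HEX_ESCAPE.findall(data))
    counts["header"] = normalized[:8].decode("latin-1")
    return counts


def triage_findings(counts: dict) -> list:
    """Translate the counts into the things an analyst would actually write down."""
    findings = []
    has_js = counts["/JavaScript"] or counts["/JS"]
    if has_js:
        findings.append("contains JavaScript")
    if has_js and (counts["/OpenAction"] or counts["/AA"]):
        findings.append("JavaScript wired to an automatic action (runs on open/event)")
    if counts["/Launch"]:
        findings.append("/Launch action can start an external program")
    if counts["/EmbeddedFile"]:
        findings.append("embedded file present")
    if counts["obfuscated_names"]:
        findings.append("hex-escaped names (possible keyword obfuscation)")
    if counts["obj"] != counts["endobj"]:
        findings.append("obj/endobj counts differ (malformed or truncated file)")
    return findings


# Constructed sample: a tiny PDF whose OpenAction points at a JavaScript action,
# with the action type name hex-escaped the way obfuscated samples often do it.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (app.alert('constructed sample')) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    # Usage: python pdf_triage.py suspicious.pdf   (file name is hypothetical)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    result = triage_pdf(data)
    for key, value in result.items():
        print(f"{key:<18} {value}")
    for finding in triage_findings(result):
        print("!", finding)
```

Run it against the built-in sample and it reports one /JavaScript (recovered from the hex-escaped name), one /JS, one /OpenAction and a finding that JavaScript is wired to an automatic action, which is exactly the quick answer to "is this worth opening in the VM at all?" that the post is talking about.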
In other news:
I may do a video about YARA and show how versatile it can be when combined with Volatility. It will more than likely tie in with the ongoing scenario.
I may even go old school and do a video about tcpdump. I personally have not used it in a long time, and I have a feeling I will be using it more at work... so it's time for a refresher :)
Someone has suggested I try CamStudio for my recordings. I see no issue with this as it's free. The next video will be made with it. Much thanks for the feedback!
2 comments:
Hi, is there a way I can talk to you offline via email?
Cheers.
send an email to: icanhazblog{at}gmail{dot}com