Archive for the ‘Programming’ Category

The Python Tutorial

Wednesday, April 27th, 2011

Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python’s elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.

This tutorial does not attempt to be comprehensive and cover every single feature, or even every commonly used feature. Instead, it introduces many of Python’s most noteworthy features, and will give you a good idea of the language’s flavor and style. After reading it, you will be able to read and write Python modules and programs, and you will be ready to learn more about the various Python library modules described in The Python Standard Library.

Link: Python

Swiftlet: PHP Framework

Tuesday, April 26th, 2011

Swiftlet is a light-weight web application framework written in PHP. It enables you to quickly deploy websites that are fast and secure.

Swiftlet is well written, well documented, completely free and open-source (licensed under the GPL). It is extensible, flexible and doesn’t get in your way. Swiftlet requires zero configuration and has few conventions to adhere to.

Swiftlet has all the features you would expect from a modern framework. It implements the Model-View-Controller (MVC) architecture pattern to separate logic from design and takes advantage of the Object-Oriented Programming (OOP) capabilities of PHP 5.

Link: Swiftlet

Malware Cookbook Tools Online

Sunday, April 24th, 2011

For all the folks who bought DVD-less Kindle versions of the cookbook, all the folks who received a DVD with their paper copy but want updates to the tools, and even for folks who just want to experiment with the tools without buying the book, please feel free to download with an SVN client here:

http://code.google.com/p/malwarecookbook/

In order by chapter, here’s a quick description of what’s on the DVD. It also includes malware.py, the set of Volatility plugins for the upcoming 1.4 release, a bunch of sample memory dumps from malware-infected systems, and full-color images for the screenshots in the book.

* torwget.py: Multi-platform TOR-enabled URL
* wwwhoney.tgz: CGI scripts to accept submissions from nepenthes and dionaea honeypots
* clamav_to_yara.py: Convert ClamAV antivirus signatures to YARA rules
* peid_to_yara.py: Convert PEiD packer signatures to YARA rules
* av_multiscan.py: Script to implement your own antivirus multi-scanner
* pescanner.py: Detect malicious PE file attributes
* ssdeep_procs.py: Detect self-mutating code on live Windows systems using ssdeep
* avsubmit.py: Command-line interface to VirusTotal, ThreatExpert, Jotti, and NoVirusThanks
* dbmgr.py: Malware artifacts database manager
* artifactscanner.py: Application to scan live Windows systems for artifacts (files, Registry keys, mutexes) left by malware
* mapper.py: Create static PNG images of IP addresses plotted on a map using GeoIP
* googlegeoip.py: Create dynamic/interactive geographical maps of IP addresses using Google charts
* sc_distorm.py: Script to produce disassemblies (via DiStorm) of shellcode and optionally apply an XOR mask
* vmauto.py: Python class for automating malware execution in VirtualBox and VMware guests
* mybox.py: Sample automation script for VirtualBox based on vmauto.py
* myvmware.py: Sample automation script for VMware based on vmauto.py
* analysis.py: Python class for building sandboxes with support for analyzing network traffic, packet captures, and memory
* RegFsNotify.exe: Tool to detect changes to the Registry and file system in real time (from user mode without API hooks)
* HandleDiff.exe: Tool to detect changes to the handle tables of all processes on a system (useful for analyzing the side effects of code-injecting malware)
* Preservation.zip: Kernel driver for monitoring notification routines, preventing processes from terminating, preventing files from being deleted, and preventing other drivers from loading
* cmd.exe: Custom command shell (cmd.exe) for logging malware activity and backdoor activity
* tsk-xview.exe: Cross-view based rootkit detection tool based on The Sleuth Kit API and Microsoft’s Offline Registry API
* HTMLInjection Detector.exe: Detect HTML injection attacks on banking and financial websites
* routes.pl: RegRipper plug-in for printing a computer’s routing table
* pendingdelete.pl: RegRipper plug-in for printing files that are pending deletion
* disallowrun.pl: RegRipper plug-in for printing processes that malware prevents from running
* shellexecutehooks.pl: RegRipper plug-in for printing ShellExecute hooks (a method of DLL injection)
* dumpcerts.pl: Parse::Win32Registry module to extract and examine cryptography certificates stored in Registry hives
* somethingelse.pl: Parse::Win32Registry module for finding hidden binary data in the Registry
* scloader.exe: Executable wrapper for launching shell code in a debugger
* scd.py: Immunity Debugger PyCommand for finding shellcode in arbitrary binary files
* findhooks.py: Immunity Debugger PyCommand for finding Inline-style user mode API hooks
* pymon.py: WinAppDbg plug-in for monitoring API calls, alerting on suspicious flags/parameters and producing an HTML report
* xortools.py: Python library for encoding/decoding XOR, including brute force methods and automated YARA signature generation
* trickimprec.py: Immunity Debugger PyCommand for assistance when rebuilding import tables with Import REconstructor
* kraken.py: Immunity Debugger PyCommand for cracking Kraken’s Domain Generation Algorithm (DGA)
* sbstrings.py: Immunity Debugger PyCommand for decrypting Silent Banker strings
* rundll32ex.exe: Extended version of rundll32.exe that allows you to run DLLs in other processes, call exported functions, and pass parameters
* install_svc.bat: Batch script for installing a service DLL (for dynamic analysis of the DLL)
* install_svc.py: Python script for installing a service DLL and supplying optional arguments to the service
* dll2exe.py: Python script for converting a DLL into a standalone executable
* DriverEntryFinder: Kernel driver to find the correct address in kernel memory to set breakpoints for catching new drivers as they load
* windbg_to_ida.py: Python script to convert WinDbg output into data that can be imported into IDA
* WinDbgNotify.txt: WinDbg script for identifying malicious notification routines

Link: MNIN Security

Malware Analyst’s Cookbook: Tools & Techniques For Fighting Malicious Code

Saturday, April 23rd, 2011

Malware Analyst’s Cookbook has nearly 200 recipes (you can think of them as 3-5 page blog posts) that aim to solve common problems you’ll encounter while analyzing, reverse-engineering, and investigating malware. The DVD includes full-size color images of all figures in the book, evidence files (memory samples, registry hives, etc.) and about 50 custom tools in C/C++, Python and Perl – many of which we’ll also publish on this website after some time.

Link: Amazon