NoGoToFail :: Network Traffic Security Testing Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" width="640" /></a></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Nogotofail</b> is a <b>network security testing tool</b> designed to help developers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.</div> <div style="text-align: justify;"> <b>Google</b> is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.<br />The Android Security Team has built a tool, called <b>nogotofail</b>, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. <b>Nogotofail</b> works for <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>, iOS, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.<br />We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet.</div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Python:</b> <a href="https://github.com/google/nogotofail/archive/dev.zip" target="_blank">nogotofail</a> (Github)</div> <div style="text-align: justify;"> <b>Official Website:</b> https://github.com/google/nogotofail</div>

NoGoToFail :: Network Traffic Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connect...

Read more »

The Sleuth Kit (TSK - Forensics) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;">  <img alt="the sleuth kit logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBlwuWRltXOU2hEze6gjFS1OxwMM7HIYQuU4ElDgNsV8TmyWm9VYKauKsZbzStobxPbL4KSrUSqGxKXIYhNU4IluquGMQPe90Q6zRuGBMq_N92DQ2PK4G6lfCg8iLWGVDyVT8B8THFPHd/s1600/the+sleuth+kit+logo.gif" title="the sleuth kit logo" width="200" /></div> <b>The Sleuth Kit</b> is a C++ library and collection of open source file system <a href="http://www.toolwar.com/search/label/Forensics" target="_blank"><b>forensics tools</b></a> that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images. <br /> <b>The Sleuth Kit® (TSK)</b> is a library and collection of command line <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that allow you to investigate disk images. The core functionality of <b>TSK</b> allows you to <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> volume and file system data. The plug-in <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> tools can be directly used to find evidence. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> There are three different packages for each <b>The Sleuth Kit® (TSK) </b>release.</div> <ul style="text-align: justify;"> <li><b>sleuthkit-X.X.X.tar.gz</b>: This is the source code release of TSK core and framework that you must compile on your computer. This is most commonly used on non-<a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> systems.</li> <li><b>sleuthkit-X.X.X-win32.zip</b>: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.</li> <li><b>sleuthkit-X.X.X-framework-win32.zip</b>: This is the compiled windows release of the framework. It has the tsk_analyzeimg program that allows you to run the framework on a disk image.</li> </ul> <div style="text-align: justify;"> <br /></div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YybBQycLL9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3ieolkMJxJk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows (x86) :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-win32.zip/download" title="Click to download sleuthkit-4.1.2-win32.zip">Sleuthkit-4.1.2-win32.zip</a> | <a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-framework-win32.zip/download" title="Click to download sleuthkit-4.1.2-framework-win32.zip">Sleuthkit-4.1.2-framework-win32.zip</a> <b> </b><br /> <b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2.tar.gz/download" title="Click to download sleuthkit-4.1.2.tar.gz">Sleuthkit-4.1.2.tar.gz</a> <br /> <b>Official Website :: </b> <a href="http://www.sleuthkit.org/sleuthkit/">http://www.sleuthkit.org/sleuthkit/</a>

The Sleuth Kit (TSK - Forensics) :: Framework

  The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, vie...

Read more »

Crypto Implementations Analysis Toolkit :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="Crypto Implementation Analysis Toolkit (CIAT)" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAZPIwVYWPyohkcKc1fGGaHZAcyEw0BoiIWqylgFCnmnY1VjNEgNvH1QOaOPUW0oKzjIUDWaaT-w2W0NnTovjr_7z_6iDQDsIk1zJ32bIxlmbcNT-H9milmKcnN3YE4dztJDAY7SjbM_Ll/s1600/Crypto+Implementation+Analysis+Toolkit+(CIAT).png" title="Crypto Implementation Analysis Toolkit (CIAT)" width="400" /></div> <div style="text-align: justify;"> The <b>Cryptographic Implementations Analysis Toolkit (CIAT)</b> is compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). </div> <br /> <h3> Download :: </h3> <b>Linux & Windows :: </b><a href="http://sourceforge.net/projects/ciat/files/latest/download" target="_blank">Crypto Implementation Analysis Toolkit (CIAT) (.zip)</a><b> </b><br /> <b>Official Website :: </b><a href="http://ciat.sourceforge.net/">http://ciat.sourceforge.net/</a>

Crypto Implementations Analysis Toolkit :: Framework

The Cryptographic Implementations Analysis Toolkit (CIAT) is compendium of command line and graphical tools whose aim is to help in th...

Read more »

DriveCrypt (Disk Encryption) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJG1cJGABe9up2Ykue6hyZD7gWDJwSIxIEt8NeFLzGON-W0RfSsZEyBnePNOIAohuBuGfUEy9DwcvZLs_u7ZwvBxLWlSStcVz4Ew7DqEz1pzfA34LzP_7M-ZJWaPTX-ELgYeVKUfJfQ7HA/s1600/DeviceCrypt+Image.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="DeviceCrypt Image" border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJG1cJGABe9up2Ykue6hyZD7gWDJwSIxIEt8NeFLzGON-W0RfSsZEyBnePNOIAohuBuGfUEy9DwcvZLs_u7ZwvBxLWlSStcVz4Ew7DqEz1pzfA34LzP_7M-ZJWaPTX-ELgYeVKUfJfQ7HA/s1600/DeviceCrypt+Image.jpg" title="DeviceCrypt Image" width="320" /></a></div> <div style="text-align: justify;"> <span class="style_5"><b>DRIVECRYPT</b> <i> securely and easily protects all proprietary data</i> on notebooks and desktop computers 100% of the time without users having to think about <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>. Any organization, from a small company to a large international firm with thousands of users in the field, can effectively protect business plans, client lists, product specifications, confidential corporate memos, stock information, and much more with this <b>disk <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encryption</a></b> product.</span><br /> <table border="0" cellpadding="0" cellspacing="1" style="height: 269px; width: 100%px;"><tbody> <tr><td><br /> <div class="style_5" style="text-align: justify;"> <span class="style_title_3">With its Traveller modus functionality, <b>DriveCrypt</b> is the ideal solution to encrypt <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> disks and Pen drives without needing to install the software on the computer.</span></div> <div class="style_title_3"> <br /> <span class="style_title_1"><b> How DriveCrypt`s On-the-fly Encryption Works ::</b><br /> </span></div> <div class="style_5"> <br /></div> <div style="text-align: justify;"> <span class="style_5"> As data is read from the hard disk, <b>DeviceCrypt</b> automatically decrypts the data before it is loaded into <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>. When data is written back to the hard disk, it is automatically re-encrypted. The disk encryption/ decryption process is completely transparent to the user or any application program -the data is caught "on the fly" as it transfers back and forth between the hard disk and memory. Consequently, users don't need to remember to decrypt or re-encrypt their data, or change the normal operation of the PC. In addition, only individual files are decrypted at any one time, not the whole hard disk.</span></div> </td> <td align="center" valign="top"><div style="text-align: center;"> <br /></div> <div class="style_5" style="text-align: center;"> <br /></div> </td> </tr> </tbody> </table> <h3> <span class="style_title_1"><b>DriveCrypt Key Features ::</b></span></h3> <h3> <span class="style_title_1"> </span></h3> <div class="style_5"> <span class="style_5"><b> 1. Strong Cryptography ::</b><br /> </span></div> <div class="style_5" style="text-align: justify;"> <span class="style_5">1344 Bit Military Strength <b>disk encryption</b> using the best and most proven <a href="http://www.toolwar.com/search/label/Cryptography" target="_blank">cryptography</a> algorithms such as AES, Blowfish, Tea 16, Tea 32, Des, Triple Des, Misty 1 and Square. <br /> </span><br /> <b> 2. Easy to Install, Deploy & Use ::<br /> </b></div> <div class="style_5" style="text-align: justify;"> <span class="style_5"><b>DeviceCrypt</b> data encryption software requires minimal administration and user training. <b>Disk encryption</b> is completely transparent, requiring no change in the way users work with the computer.</span></div> <div class="style_5"> <span class="style_5"> </span><span class="style_title_1"></span><span class="style_5"><br /> <b> 3. Maximize Your Security, Minimize Your Risk </b>::<br /> </span></div> <div class="style_5" style="text-align: justify;"> <b><span class="style_5"> </span></b><span class="style_5">DRIVECRYPT protects your data with very fast and a true "on the fly" disk encryption process. Other products that claim to be "on the fly" decrypt an entire file and load it into memory, creating significant security risks. <b>DriveCrypt</b> </span><span class="style_5">file encryption software</span><span class="style_5"> is smarter and more secure because it decrypts only the specific portion of a file that is in use. Unprotected data never resides on a DriveCrypt encrypted hard drive. </span><b><span class="style_5"><br /> </span></b><span class="style_5"><br /> </span></div> <span class="style_5"></span><span class="style_5"><b>4. Disk Partition and file volume encryption :: </b>(Partition encryption with DriveCrypt standard edition only) <br /> </span> <br /> <div class="style_5" style="text-align: justify;"> <span class="style_5">DRIVECRYPT allows both, the encryption of an entire Hard Disk partition, as well as the creation of a <a href="http://www.toolwar.com/search/label/Virtual" target="_blank">virtual</a> container file that will store all the encrypted information.</span></div> <div class="style_5" style="text-align: justify;"> <br /></div> <div class="style_5" style="text-align: justify;"> <span class="style_5"><b>5. Invisible Containers :: </b>(DriveCrypt standard edition only)<br /> The <b>DriveCrypt</b> Standard edition has the ability to create an INVISIBLE disk INSIDE a container or partition. This way you define two <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a> for a container. The invisible disks password gives you access to your working disk, which is hidden in the unused area of your "outer" disk, while another password gives you access to the pre-setup <b> DriveCrypt </b>volume in which you only store data that you would want others to believe is the only data in the container or partition. This is very useful in cases where an aggressor may force you to reveal the DriveCrypt disk's password: By revealing the password of the first or "outer" disk, the aggressor will ONLY see the "prepared data": IE data you put in there, before creating the hidden disk, while he will not be able to see or get evidence that there is another invisible container that securely stores confidential data on the disk. <br /> </span><span class="style_5"><br /> <b> 6. Hide data into music files </b></span><span class="style_5">::<br /> Using special so called "Steganographic" functionalities, DRIVECRYPT allows you to hide all your sensitive information into music files. Just authorized users will be able to access secret information, anyone else will only find harmless music on the computer… <br /> </span></div> <span class="style_5"><b>7. Easily encrypts Pen-Drives and USB disks on a container or partition level. </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">With the HOT Disk option, DriveCrypt can also optionally automatically request the users authentication data as soon as the USB device is inserted. When the USB disk is removed from the computer, all the data are automatically inaccessible to unauthorized persons.</span></div> <span class="style_5"><br /> <b> 8. Improved Password Security ::</b><br /> DRIVECRYPT allows administrators to configure several password settings: <br /> - Master Password Settings <br /> - Restricted second user Passwords <br /> - Second user Password Expiration <br /> - Console Lock-Out Password <br /> </span><span class="style_5"><br /> </span><span class="style_5"><b> 9. Password Sniffing Protection</b></span> ::<br /> <span class="style_5"></span><br /> <div style="text-align: justify;"> <span class="style_5"> DRIVECRYPT integrates special functionalities that prevent passwords from being sniffed by Hackers or Trojan horses such as Back Orifice, SubSeven etc...</span></div> <span class="style_5"><br /> </span><span class="style_5"><b> 10. No-Evidence Encryption </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT container files do not have any file header that indicates it is a DriveCrypt encrypted file. Therefore, without knowing the right passphrase, it is impossible to prove that a large container file on the computer is a DriveCrypt virtual disk container.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> <b> 11. Administrator Password Control (keyfiles) ::</b><br /> DRIVECRYPT allows system Administrators to assign different passwords to different users. <br /> </span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 12. Anti Dictionary or Brute Force Attack mechanism </b></span>::<br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT makes Dictionary or Brute Force attacks against encrypted volumes much harder than any of the actual competitor products by dramatically slowing down these processes.</span></div> <span class="style_title_1"></span><span class="style_5"><br /> <b> 13. Easy and fast hotkey control </b>::<br /> DRIVECRYPT allows the most used commands like mount or dismount encrypted volumes… to be rapidly accessed trough Hotkeys and/or the toolbar. <br /> </span><span class="style_title_1"><span class="style_5"></span></span><span class="style_title_1"><span class="style_5"></span></span><span class="style_5"><br /> <b> 14. Second User Access </b>::<br /> DRIVECRYPT allows the creation of a master password, as well as different lower rights second user passwords (keyfiles). <br /> </span><span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 15. Forgotten user password recovery </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT allows administrators using the master password, to access an encrypted disk even if the user has forgotten his user password. This ensures that a company can restore a user password if forgotten. DriveCrypt prevents loss of valuable data from user's workstations and notebooks by allowing three methods of encrypted data access: the Master Password, the user password (keyfile) and/or hardware device access such as optional fingerprint-/Smartcard Readers or USB Token devices.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 16. Eliminate the Danger Of Unattended Computers ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT provides an automatic and/or manual lock-out feature that locks out the user's console and displays a password-protected screen saver. This lock-out functionality can be activated manually or automatically after a specified period of computer inactivity. The computer remains secure even when left unattended. To restore the screen and unlock the keyboard, the password for the current user or Master Password must be entered.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> <b> 17. Secure Disk Deletion (Disk Wiping) ::</b><br /> DRIVECRYPT allows you to wipe the free space on a disk. This ensures that deleted files will never be recovered by special disk tools. <br /> </span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 18. Encrypted Volume Resizing (DriveCrypt Standard edition) ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">An Encrypted Volume may, with time, become too small or too big, for the amount of data it has to contain. Therefore, DriveCrypt offers you a Volume-Resize functionality. This will allow you to easily adapt a volume to your needs at any time, and optimise the Hard Disk space.</span></div> <span class="style_title_1"> </span><span class="style_5"><br /> <b> 19. External Hardware Support ::</b><br /> DRIVECRYPT supports optional external hardware devices such as: Fingerprint and Smartcard reader, as well as USB token. <br /> </span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b>20. Works on any Storage Medium </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT works on any kind of Hard Disk, and removable medium such as Floppy-, Zip-, Jazz-, Sygate-, CD-Rom, DVD- Drives etc… and manages up to 16 TERABITE of encrypted data (Standard edition) or 4 GB (Home Edition)</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 21. Installation is Easy and Safe ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">The installation is easy and fast. During installation, the administrator simply selects the drives to be encrypted, the encryption method he would like to use and the master password. DRIVECRYPT will then make the rest and crypt the selected disks.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 22. Encrypted Data is Easily Recovered ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">If a user leaves the organization, the encrypted data on the PC is easily recovered and restored to a decrypted state by the administrator using the Master Password or the Local Administrator Password.</span></div> <span class="style_title_1"><span class="style_5"></span></span><span class="style_title_1"></span><span class="style_title_1"><span class="style_5"></span></span><span class="style_5"><br /> <b> 23. No Backdoors present ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5"> DriveCrypt does NOT include any backdoor. Encrypted data are only accessible by the legitimate users. Neither the vendor nor any other entities are able to break DriveCrypt <b>disk encryption</b>. <br /> </span><span class="style_5"></span></div> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> <span class="style_5">Download ::</span></h3> </div> <div style="text-align: justify;"> <b><span class="style_5">Windows :: </span></b><span class="style_5"><a href="http://www.securstar.com/downloads.php?option=download" target="_blank">DeviceCrypt (30 Days Trial)</a> | Windows 7 & Windows 8 Compatible</span><b><span class="style_5"> </span></b></div> <div style="text-align: justify;"> <b><span class="style_5">Price :: </span></b><span class="style_5">82$</span><b><span class="style_5"><br /></span></b></div> <div style="text-align: justify;"> <span class="style_5"><b>Official Website :: </b><a href="http://www.securstar.com/products_drivecrypt.php">http://www.securstar.com/products_drivecrypt.php</a> </span></div>

DriveCrypt (Disk Encryption) :: Tools

DRIVECRYPT securely and easily protects all proprietary data on notebooks and desktop computers 100% of the time without users having...

Read more »

NIELD (Network Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Network Forensics" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv5UkdWZtYhJYA6juKwBWqbScPIAPAkUhoLvGVeVrnlB4umNPTnorlKGSInBzLSy5Faqe9YyG7bXA-bWiHYnBzqN5Tu9v9dATd-eeiHXBlHWrgZjE8-jsyhz7TnGf6q93Y-6Tm_4WPr1RJ/s400/Network+Forensics.jpg" title="Network Forensics" width="400" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>NIELD (Network Interface Events Logging Daemon)</b> is a tool that receives notifications from the kernel through the netlink socket, and generates logs related to interfaces, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), routing, FIB rules, traffic control.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://nield.sourceforge.net/install.html" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <b>Help :: </b><a href="http://nield.sourceforge.net/man.html" target="_blank">Click Here</a> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/nield/files/nield-0.4.0/nield-0.4.0.tar.gz/download" target="_blank">NIELD 0.4.0 (.tar.gz)</a></div> <div style="text-align: justify;"> <b>Source :: </b><a href="http://nield.sourceforge.net/index.html">http://nield.sourceforge.net/index.html</a></div>

NIELD (Network Forensics) :: Tools

NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and...

Read more »

Mandiant Memoryze (Live Memory Forensic) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Memoryze Logo" border="0" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhP6Kiq6DL8HvQGQr0mM99tRZ4IPEArJ8MAgMScreZuK6ooQ73__V7_InhX_VZ_JTI3i6HMxlsvJ6HheaMaVEey7VHFt_4UHW_vW8sSMttY7brLEr-rMCOR-jWHctlRSlXt85RjFwYA_CZ2/s400/Memoryze+Logo.png" title="Memoryze Logo" width="400" /></div> <div style="text-align: justify;"> <b>Mandiant’s Memoryze</b> is free<i> <b>memory forensic software</b></i> that helps incident responders <b><i>find evil in live memory.</i></b> <b>Memoryze</b> can acquire and/or analyze <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> images, and on live systems, can include the paging file in its <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Mandiant’s Memoryze</b> features:</div> <ul style="text-align: justify;"> <li>image the full range of <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> memory (not reliant on API calls).</li> <li>image a process’ entire address space to disk. This includes a process’ loaded DLLs, EXEs, heaps and stacks.</li> <li>image a specified driver or all drivers loaded in <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> to disk.</li> <li>enumerate all running processes (including those hidden by rootkits). For each process, Memoryze can:</li> <ul> <li>report all open handles in a process (for example, all files, registry keys, etc.).</li> <li>list the virtual address space of a given process including:</li> <ul> <li>displaying all loaded DLLs.</li> <li>displaying all allocated portions of the heap and execution stack.</li> </ul> <li>list all <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> sockets that the process has open, including any hidden by rootkits.</li> <li>specify the functions imported by the EXE and DLLs.</li> <li>specify the functions exported by the EXE and DLLs.</li> <li>hash the EXE and DLLs in the process address space (MD5, SHA1, SHA256.  This is disk based.)</li> <li>hash the EXE and DLLs in the process address space. (This is a MemD5 of the binary in memory).</li> <li>verify the digital signatures of the EXE and DLLs. (This is disk based.)</li> <li>output all strings in memory on a per process basis.</li> </ul> <li>identify all drivers loaded in memory, including those hidden by rootkits. For each driver, Memoryze can: </li> <ul> <li>specify the functions the driver imports.</li> <li>specify the functions the driver exports.</li> <li><a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> the driver. (MD5, SHA1, SHA256. this is disk based.)</li> <li>verify the digital signature of the driver (This is disk based.)</li> <li>output all strings in memory on a per driver base.</li> </ul> <li>report device and driver layering, which can be used to intercept network <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a>, keystrokes and file activity.</li> <li>identify all loaded kernel modules by walking a linked list.</li> <li>identify hooks (often used by rootkits) in the System Call Table, the Interrupt Descriptor Tables (IDTs) and driver function tables (IRP tables).</li> </ul> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Mandiant’s Memoryze can perform all these functions on live system memory or memory image files – whether they were acquired by Memoryze or other memory acquisition tools. </b></div> <div style="text-align: justify;"> Memoryze officially supports:</div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 2000 Service Pack 4 (32-bit)</li> <li>Windows XP Service Pack 2 and Service Pack 3 (32-bit)</li> <li>Windows Vista Service Pack 1 and Service Pack 2 (32-bit)</li> <li>*Windows Vista Service Pack 2 (64-bit)</li> <li>Windows 2003 Service Pack 2 (32-bit and 64-bit)</li> <li>Windows 7 Service Pack 0 (32-bit and 64-bit)</li> <li>*Windows 2008 Service Pack 1 and Service Pack 2 (32-bit)</li> <li>Windows 2008 R2 Service Pack 0 (64-bit)</li> <li>*Windows 8 Service Pack 0 (32-bit and 64-bit)</li> <li>*Windows Server 2012 Service Pack 0 (64-bit)</li> </ul> <div style="text-align: justify;"> * means support for a new operating system without experience on millions of host</div> <div style="text-align: justify;"> In order to visualize Memoryze’s output, please download Redline™ or use an XML viewer.  Redline is Mandiant’s premier <a href="http://www.toolwar.com/search/label/Free" target="_blank">free</a> tool for investigating hosts for signs of malicious activity through memory and file <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>, and the development of a threat assessment profile.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials :: </h3> <b>Youtube ::</b><a href="http://www.youtube.com/watch?v=NskrZmwwV5s" target="_blank"><b> </b>Click Here</a><br /> <b>Forum :: </b><a href="https://forums.mandiant.com/" target="_blank">Mandiant Memoryze Forum</a> <br /> <b>User Guide ::  </b><a href="http://www.mandiant.com/library/MemoryzeUserGuide.pdf" target="_blank">Memoryze User Guide PDF</a><br /> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://www.mandiant.com/library/MemoryzeSetup3.0.msi" target="_blank">Mandiant Memoryze 3.0</a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://www.mandiant.com/resources/download/memoryze">https://www.mandiant.com/resources/download/memoryze</a></div> <div style="text-align: justify;"> <br /></div>

Mandiant Memoryze (Live Memory Forensic) :: Tools

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire ...

Read more »

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="PeePDF Analysis" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" title="PeePDF Analysis" width="400" /></a></div> <b>PeePDF</b> is a <b>Python tool to explore PDF files</b> in order to find out if the file can be harmful or not. The aim of this <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tool</a> is to provide all the necessary components that a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researcher could need in a <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF analysis</a> without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides <b>Javascript and shellcode <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones. </div> <div style="text-align: justify;"> <br /> The main functionalities of peepdf are the following: </div> <div style="text-align: justify;"> <h3> <b> Analysis: </b></h3> </div> <ul style="text-align: justify;"> <li> Decodings: hexadecimal, octal, name objects </li> <li> More used filters </li> <li> References in objects and where an object is referenced </li> <li> Strings search (including streams) </li> <li> Physical structure (offsets) </li> <li> Logical tree structure </li> <li> Metadata </li> <li> Modifications between versions (changelog) </li> <li> Compressed objects (object streams) </li> <li> Analysis and modification of Javascript (PyV8): unescape, replace, join </li> <li> Shellcode analysis (Libemu python wrapper, pylibemu) </li> <li> Variables (set command) </li> <li> Extraction of old versions of the document </li> <li> Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>) </li> <li> Checking hashes on <a href="http://www.toolwar.com/2013/12/virustotal-analyze-files-and-urls-tools.html" target="_blank"><b>VirusTotal</b></a> </li> </ul> <div style="text-align: justify;"> <b> Creation/Modification: </b></div> <ul style="text-align: justify;"> <li> Basic PDF creation </li> <li> Creation of PDF with Javascript executed wen the document is opened </li> <li> Creation of object streams to compress objects </li> <li> Embedded PDFs </li> <li> Strings and names obfuscation </li> <li> Malformed PDF output: without endobj, garbage in the header, bad header... </li> <li> Filters modification </li> <li> Objects modification </li> </ul> <div style="text-align: justify;"> <b> Execution modes: </b></div> <ul style="text-align: justify;"> <li> Simple command line execution </li> <li> <b>Powerful interactive console</b> (colorized or not) </li> <li> Batch mode </li> </ul> <div style="text-align: justify;"> <b> TODO: </b></div> <ul style="text-align: justify;"> <li> Embedded PDFs analysis </li> <li> Improving automatic Javascript analysis </li> <li> GUI </li> </ul> <h3> Tutorials :: </h3> <b>PeePDF Installation :: </b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank">Click Here</a><b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank"> </a></b><br /> <b>PeePDF Execution :: </b><a href="http://code.google.com/p/peepdf/wiki/Execution" target="_blank">Click Here</a><br /> <b>PeePDF Commands ::  </b><a href="http://code.google.com/p/peepdf/wiki/Commands" target="_blank">Click Here</a><br /> <b>PDF Forensics and Analysis eBook</b> :: <a href="https://www.amazon.com/dp/B00LSF1TU6" target="_blank">Click Here</a> <br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T1GcheLaY5M?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Linux | Windows :: </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.zip" target="_blank">peepdf v0.2</a> (.zip)<b> | </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.tar.gz" target="_blank">peepdf v0.2</a> (.tar.gz) <b> </b><br /> <b>Source Website ::</b> <a href="http://code.google.com/p/peepdf/">http://code.google.com/p/peepdf/</a>

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

PeePDF is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to prov...

Read more »

GoldenEye (DoS Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="ddos icon" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJOQnS__a36My3QgFrkkZZnKbMa2sQ5wymnzD-TYPn2-Hi3HzwaqF7hyphenhyphenimikRz5C7uJ3EQc2UHSYhjBNDc4TDogFEdp8zIL-ab7q41TBZPSowkU6qXuTkKbYPg3QOuCHEa5gb1WjXFL0js/s1600/ddos+logo.jpg" title="ddos icon" width="400" /></div> <div style="text-align: justify;"> <b>GoldenEye</b> is a <b>HTTP DoS test tool</b>. This software is distributed under the <i>GNU General Public License</i> version 3 (GPLv3). <b>GoldenEye</b> is a <b><acronym title="HyperText Transfer Protocol">HTTP</acronym>/S Layer 7 <a href="http://www.toolwar.com/search/label/DDoS" target="_blank">Denial-of-Service</a> Testing Tool</b>. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the <acronym title="HyperText Transfer Protocol">HTTP</acronym>/S server.</div> <div style="text-align: justify;"> This project started by the influence of Barry Shteiman who created HULK, a Proof-of-concept <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> that I decided to improve which later became <b>GoldenEye</b>. Kudos for you Barry! This software is written in purely<a href="http://www.toolwar.com/search/label/Python" target="_blank"> Python</a>.</div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <pre><span style="font-family: "Courier New",Courier,monospace;"><code> USAGE: ./goldeneye.py <url> [OPTIONS] OPTIONS: Flag Description Default -t, --threads Number of concurrent threads (default: 500) -m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get) -d, --debug Enable Debug Mode [more verbose output] (default: False) -h, --help Shows this help</code></span></pre> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b><span style="font-size: small;"><span style="font-weight: normal;">Python :: <a href="https://github.com/jseidl/GoldenEye/archive/master.zip" target="_blank">GoldenEye</a><b> (.py)</b></span></span></b></div> <div style="text-align: justify;"> <b>Source Website ::</b>  <a href="https://github.com/jseidl/GoldenEye">https://github.com/jseidl/GoldenEye</a></div>

GoldenEye (DoS Testing) :: Tools

GoldenEye is a HTTP DoS test tool . This software is distributed under the GNU General Public License version 3 (GPLv3). GoldenEye is ...

Read more »

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="KillerBee Image" border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xn4xzkvBYoqeDLAxh3GYVmNcCIj8wfF43o7uU-YZX4qDFqdlP91terOVNJqb8Zo0hS94LsqWhLGHvoJXzHFJkVYwmnD8YzrW6f-H_ndMaXeF-7iquPRYHz01XL2GKY3V2yXWvycWpApy/s1600/KillerBee+Image.jpg" title="KillerBee Image" width="640" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>KillerBee</b> is a Python based <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and tool set for <b>exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.</b> Using <b>KillerBee</b> tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the <b>KillerBee framework</b>, you can build your own <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Install on Linux :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallLinuxBackTrack" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Install on Mac :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallOSX" target="_blank">Click Here</a></div> <b>Wiki :: </b><a href="https://code.google.com/p/killerbee/w/list" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Mac :: </b><a href="https://killerbee.googlecode.com/files/killerbee_1_0.tar" target="_blank">KillerBee v1.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://code.google.com/p/killerbee/">https://code.google.com/p/killerbee/</a></div>

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. ...

Read more »

Harden SSL/TLS (Hardening the SSL/TLS Settings) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBa17UaBE6_uLqnW3ha9asqX4KU8sGA56AJGGz8D7fPGp9nBAaaoDCCwmqxykTCZs8Di69HPGMkJ8b5wW92qTpCqWQnIy3q6OKPLyPPF5vl45IRxFdQDeGnSTcaOtCoPF6pbpocWlvptjD/s1600/Harden+SSL-TLS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Harden SSL/TLS" border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBa17UaBE6_uLqnW3ha9asqX4KU8sGA56AJGGz8D7fPGp9nBAaaoDCCwmqxykTCZs8Di69HPGMkJ8b5wW92qTpCqWQnIy3q6OKPLyPPF5vl45IRxFdQDeGnSTcaOtCoPF6pbpocWlvptjD/s400/Harden+SSL-TLS.png" title="Harden SSL/TLS" width="400" /></a></div> <div style="text-align: justify;"> <b>Harden SSL/TLS</b> allows <i>hardening the SSL/TLS settings</i> of <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 2000,2003,2008,2008R2, XP,Vista,7. It allows locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites. </div> <div style="text-align: justify;"> <b>Harden SSL/TLS</b> tool specific allows setting policies with regards to what ciphers and <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a> are available to applications that use SCHANNEL crypto interface. A lot of windows applications do use this interface, for instance Google Chrome as well as Apple Safari are a few of these. By changing the settings you can indirectly control what ciphers these applications are allowed to use. </div> <br /> <br /> <span class="style3"><b>Advanced mode </b><br /> · re-enable ECC P521 mode on Windows7 and 2008R2<br /> · Set TLS Cache size and timeout<br /> </span><span class="style3"><br /></span> <br /> <h3> Tutorials ::</h3> <b>Documentations & Video Tutorial :: </b><a href="http://www.g-sec.lu/products.html" target="_blank">Click Here</a><br /> <br /> <h3> Download ::</h3> <b>Windows :: </b><a href="http://www.g-sec.lu/sslharden/HardenSSL.zip" target="_blank">Harden SSL/TLS (Beta)</a><b><br /></b><br /> <b>Official Website :: </b><a href="http://www.g-sec.lu/products.html">http://www.g-sec.lu/products.html</a>

Harden SSL/TLS (Hardening the SSL/TLS Settings) :: Tools

Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows locally and remotely set...

Read more »

Sandcat Browser (Web Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s1600/sandcat+browser+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sandcat browser screenshot" border="0" height="310" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s400/sandcat+browser+screenshot.png" title="sandcat browser screenshot" width="400" /></a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Sandcat Browser</b> is the fastest web browser combined with the fastest scripting language packed with features for pen-testers<b>. Sandcat Browser</b> is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The <b> Sandcat Browser</b> is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. </div> <div class="vspace" style="text-align: justify;"> Some of its unique features include: </div> <ul style="text-align: justify;"> <li><b>Live HTTP Headers</b> — built-in live headers with a dedicated cache per tab and support for preview extensions </li> <li><b>Sandcat Console</b> — an extensible command line console; Allows you to easily run custom commands and scripts in a loaded page </li> <li><b>Resources</b> tab — allows you to view the page resources, such as JavaScript files and other web files. </li> <li><b>Page Menu</b> extensions — allows you to view details about a page and more. </li> <li><b>Pen-Tester Tools</b> — Sandcat comes with a multitude of pen-test oriented extensions. This includes a Fuzzer, a Script Runner, HTTP & XHR Editors, Request Loader, Request Replay capabilities and more. </li> </ul> <div class="vspace" style="text-align: justify;"> Features inherited from Chromium include: </div> <ul style="text-align: justify;"> <li><b>Multi-Process Architecture</b> — each tab is its own process </li> <li><b>Developer Tools</b> — in addition to the Chromium Developer Tools, Sandcat comes with a Source Code Editor and its own JavaScript and Lua consoles. </li> </ul> <h3 style="text-align: justify;"> <b> </b></h3> <h3 style="text-align: justify;"> <b>Tutorials ::</b></h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/xdeXF4F4T_Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.syhunt.com/pub/downloads/sandcat-browser-4.4.exe" target="_blank">Sandcat v4.4</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.syhunt.com/?n=Sandcat.Browser">http://www.syhunt.com/?n=Sandcat.Browser</a><b> </b></div> <h3 style="text-align: justify;"> </h3> <div style="text-align: justify;"> </div>

Sandcat Browser (Web Penetration Testing) :: Framework

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers . Sandcat...

Read more »

Volatility (Advanced Memory Forensics Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Volatility Framework (Advance Memory Framework)" border="0" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwYsvSKFWGazVkY8HTm3e9MOP8FLgDHrNIEhfik5auQuUNypN7S2Vl_ZHpcAkdSMaAcULytu3T0GEW5lT53Towrr6YEo48gjALbDFYqIdwWgbH_SwnzwssHoTNoZWyDysqNDN1W5rFYL0S/s320/volatility+logo.png" title="Volatility Framework (Advance Memory Framework)" width="320" /></div> <b>Volatility Framework</b> is a <i>Advanced Memory Forensics Framework. </i>The <b>Volatility Framework</b> is a completely open collection of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implemented in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> under the GNU General Public License, for the extraction of digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank"> framework</a> is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank"> memory</a> samples and provide a platform for further work into this exciting area of research. <br /> The <b>Volatility Framework</b> demonstrates our commitment to and belief in the importance of open source digital investigation <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. </div> <h3 style="text-align: left;"> <span style="font-size: small;">Capabilities :-</span></h3> <div style="text-align: justify;"> The <b>Volatility Framework</b> currently provides the following extraction capabilities for memory samples </div> <ul style="list-style-type: disc; text-align: justify;"> <li>Image information (date, time, CPU count)</li> <li>Running processes</li> <li>Process SIDs and environment variables</li> <li>Open network sockets</li> <li>Open network connections</li> <li>DLLs loaded for each process</li> <li>Open handles to all kernel/executive objects (files, keys, mutexes)</li> <li>OS kernel modules</li> <li>Dump any process, DLL, or module to disk</li> <li>Mapping physical offsets to virtual addresses</li> <li>Virtual Address Descriptor information</li> <li>Addressable memory for each process</li> <li>Memory maps for each process</li> <li>Extract executable samples</li> <li>Scanning examples: processes, threads, sockets, connections, modules</li> <li>Command histories (cmd.exe) and console input/output buffers</li> <li>Imported and exported API functions</li> <li>PE version information</li> <li>System call tables (IDT, GDT, SSDT)</li> <li>API hooks in user- and kernel-mode (inline, IAT, EAT, NT syscall, winsock)</li> <li>Explore cached registry hives</li> <li>Dump LM/NTLM hashes and LSA secrets</li> <li>User assist and shimcache exploration</li> <li>Scan for byte patterns, regular expressions, or strings in memory</li> <li>Analyze kernel timers and callback functions</li> <li>Report on windows services</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zhQP07YKLL0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zXh-1mK5FyU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.standalone.exe" target="_blank">Volatility 2.3.1 Standalone </a><b> </b> <b> </b><br /> <b>Linux :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz" target="_blank">Volatility 2.3.1.tar.gz</a><b> </b> <b> </b><br /> <b>Mac :: </b><a href="https://volatility.googlecode.com/files/MacProfilesAll.zip" target="_blank">Volatility Framework </a><br /> <b></b><b>Source :: </b><a href="https://code.google.com/p/volatility/">https://code.google.com/p/volatility/</a><b> </b>

Volatility (Advanced Memory Forensics Framework) :: Framework

Volatility Framework is a Advanced Memory Forensics Framework. The Volatility Framework is a completely open collection of tools , imp...

Read more »

OWASP Androick (Forensic Analysis on Android) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Android Forensics" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJ_1RDUELmZ8Hp8cgrssB5b0X5mgQR8j1Vwh1HV1yITtkSA9nd57u9Vod3tLTOgvRJRdActpiJ0szI73A-Y38mXv3e43879WHZ30qYNoak_X9fz6wcJjDDe8pYSZc4iYwuJFzZmPMKizj/s1600/Android+Forensics.jpg" title="Android Forensics" width="400" /></div> <div style="text-align: justify;"> <b>OWASP Androick</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on android</b>. Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs. It is easy to use and avoid all repetitives tasks !</div> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <pre><code><span style="font-family: "Courier New",Courier,monospace;">1) show help message ./androick.py -h </span> 2) show informations ./androick.py -a 3) select device to use ./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... ./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 4) find package name ./androick.py [-v] -f <Part of package name> 5) download all related things of application ./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 6) select only things you want extract ./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] </code></pre> <pre><code>[-m --memory-dump] [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 7) how to use option --keyLogs --keyLogs="key1,key2,key3" if more than one package --keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" </code></pre> <pre><code> </code></pre> <pre><code>Example : ./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player /!\ The memory dump option will mostly not works with production builds </code></pre> <h2> <a class="anchor" href="https://github.com/Flo354/Androick#author" name="user-content-author"></a><code> </code></h2> <h3 style="text-align: justify;"> Dependencies ::</h3> <div style="text-align: justify;"> Python - Python >=2.6 | Python Magic</div> <div style="text-align: justify;"> SDK - aapt | adb | hprof-conv</div> <div style="text-align: justify;"> Others - a rooted device | sqlite3</div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Windows | Linux | Mac :: </b><a href="https://github.com/Flo354/Androick/archive/master.zip" target="_blank">OWASP Androick</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://www.owasp.org/index.php/OWASP_Androick_Project">https://www.owasp.org/index.php/OWASP_Androick_Project</a></div>

OWASP Androick (Forensic Analysis on Android) :: Tools

OWASP Androick is a python tool to help in forensics analysis on android . Put the package name, some options and the programm will dow...

Read more »

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="OWASP iOSForensics" border="0" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVLCKwgu3zOqgZkzDNIxnBt6nCpUZPd2gX3PNuOAtqysK41AnLv8Yicnn5Jgj86S9f4u3QXuw29oLRJLVkYa4JbGB_6UDqINyA0snRuKK-rGGhtp-8MZRzGoaJqm0heDkj6NmbBr9scPd_/s1600/iOSForensics.jpg" title="OWASP iOSForensics" width="640" /></div> <div style="text-align: justify;"> <b>OWASP iOSForensic</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on iOS</b>. It get files, logs, extract sqlite3 databases and uncompress .plist files in xml. <b>OWASP iOSForensic</b> is free to use. It is licensed under the GNU GPL v3 License, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. </div> <h3 style="text-align: justify;"> Features :: </h3> OWASP iOSForensic provides: <br /> <ul> <li> Application's files </li> <li> Conversion of .plist files in XML </li> <li> Extract all databases </li> <li> Conversion of binary cookies </li> <li> Application's logs </li> <li> A List of all packages </li> <li> Extraction multiple packages </li> </ul> <h3> Tutorials :: </h3> <b>Usages :: </b><br /> <ul class="task-list"> <li> -h --help : show help message</li> <li> -a --about : show informations</li> <li> -v --verbose : verbose mode</li> <li> -i --ip : local ip address of the iOS terminal</li> <li> -p --port : ssh port of the iOS terminal (default 22)</li> <li> -P --password : root password of the iOS terminal (default alpine)</li> </ul> <b>Examples :: </b> <br /> <br /> <pre><code>./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP ./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2</code></pre> <h3> Download ::</h3> <b>Linux :: </b><a href="https://github.com/Flo354/iOSForensic/archive/master.zip" target="_blank">OWASP iOSForensics</a><br /> <b>Official Website :: </b><a href="https://www.owasp.org/index.php/Projects/OWASP_iOSForensic">https://www.owasp.org/index.php/Projects/OWASP_iOSForensic</a><br /> <div style="text-align: justify;"> <br /></div>

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

OWASP iOSForensic is a python tool to help in forensics analysis on iOS . It get files, logs, extract sqlite3 databases and uncompress ...

Read more »

AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="AIEngine (Artificial Intelligent Engine)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjygwBGjzyQv3FxAMBFEPi4jiHrZl-rqa1pCdx-9Ypc4ofp70ziOSWVZj2iWVv2sA9Dx5YI-3q4in1P1E4PBAX0AQABh8-VVaoynf29hQswZ8nNPEuJ9z-vrteUA8KGJFyshyVafOArLC7F/s1600/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div> <div style="text-align: justify;"> <b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br /> <b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div> <div style="text-align: justify;"> <b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities and modules in a easy way.<br /> <h3> Features ::  </h3> </div> <ul> <li>- Counters for IP fragmentation packets.</li> <li>- Support for TLS1.2 on the SSLProtocol</li> <li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li> <li>- Integrate with NetfilterPython or other packet systems.</li> <li>- Support for python 3.x versions (check INSTALL).</li> <li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li> <li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li> <li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li> </ul> <h3> Tutorial ::</h3> <b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br /> <b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <h3> Download :: </h3> <b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br /> <b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br /> <b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

Read more »

Daphne (Task Manager Replacement) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPk3IFMMVNghW3amCSO5HL1MSHkmgh9FFcm1fyXH5s8whXg9TR8FkRHaiOoD9loJg_0NKmceu7vjF_m41L8G0my5JXOjdLhGzlANuU-iBeHOQFICsDUmwp49IsgjtHJ5OTi30hdPcMR4zZ/s1600/dap3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Daphne Windows Tool" border="0" height="263" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPk3IFMMVNghW3amCSO5HL1MSHkmgh9FFcm1fyXH5s8whXg9TR8FkRHaiOoD9loJg_0NKmceu7vjF_m41L8G0my5JXOjdLhGzlANuU-iBeHOQFICsDUmwp49IsgjtHJ5OTi30hdPcMR4zZ/s1600/dap3.png" title="Daphne Windows Tool" width="400" /></a></div> </div> <div style="text-align: justify;"> <b>Daphne</b> is a small (system tray) application for <b>killing, controlling and debugging Windows' processes.</b> It was born to kill a <a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> process and became almost a task manager replacement. You can kill a process by dragging the mouse over the windows, by right-clicking the process in the main process list, or by typing its name with the "Kill all by name" command. You can set a any window to be always on top, to be transparent, to be enable.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Features :: </div> <ul style="text-align: justify;"> <li>Main window</li> <ul> <li>CPU and memory information</li> <li>Comprehensive process list </li> <li>Access to drag-and-drop tool</li> </ul> </ul> <div style="text-align: justify;"> </div> <ul style="text-align: justify;"> <li>Drag-and-drop tool (Drop tool over any window)</li> <ul> <li> Find the process which owns a given window</li> <li>Find the window in the process windows tree</li> <li>Kill the process which owns a given window</li> <li>Hide window and remove application from task bar (application keeps running completely hidden, and can be restored later)</li> <li>Set or remove always on top property</li> <li>Set or remove transparency (alpha)</li> <li>Enable or disable window or control</li> <li>Change window size using numbers (ie 640x480)</li> <li>Save window position and size and restore when the process is started</li> </ul> </ul> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <ul style="text-align: justify;"> <li> Process list</li> <ul> <li> Including CPU usage, PID, full path and arguments, owner, class (process or service), memory and swap usage, I/O count.</li> <li>Item highlighting with colors for custom, system and high CPU-consumption processes.<br /> Sortable by any column</li> <li>Quick search-as-you-type find by process name when sorted by Process column</li> <li>Customizable column position and width</li> </ul> </ul> <div style="text-align: justify;"> </div> <ul style="text-align: justify;"> <li> Contextual menu allows for:<br /> <ul> <li>Kill the process or ask it to finish execution</li> <li>Schedule process kill for later</li> <li>Set focus</li> <li>Set or remove always on top</li> <li>Create a trap</li> <li>Change processor affinity mask and optionally trap this configuration</li> <li>Change process priority</li> <li>Handle service (start, stop, pause and continue)</li> <li>Copy process name, PID or path to clipboard</li> <li>Open containing folder</li> <li>Look for or submit to DRK process database.</li> <li>Access to process properties window</li> </ul>  </li> <li>Process properties window<br /> <ul> <li>Full command line</li> <li>Parent process and user</li> <li>Startup timestamp</li> <li>Kernel and user time</li> <li>Show and handle minimum and maximum working set size</li> </ul>  </li> <li>Windows tree allows for:<br /> <ul> <li>Set focus</li> <li>Show or hide window or application</li> <li>Handle always on top</li> <li>Make window resizable</li> <li>Turn caption on and off</li> <li>Send a window message (ie. WM_ACTIVATE) with lParam and wParam values</li> <li>Thread list with priority and CPU time</li> <li>Loaded modules</li> <li>Environment variables</li> <li>I/O information</li> </ul>  </li> <li>Daphne main menu (accesible from tray icon too)<br /> <ul> <li>Run process as other user</li> <li>Close windows by matching title</li> <li>Schedule popup message</li> <li>Schedule system shutdown</li> <li>Access CPU usage graph</li> <li>Open process hierarchy tree</li> <li>Installed software list for inspecting installed software available in tray icon menu. Installed software</li> <li>Control inspector window for revealing hidden passwords and other control information</li> <li>Hidden applications and scheduled tasks list</li> <li>Copy process list to clipboard</li> <li>Windows 7 God Mode and Problem steps recorder</li> <li>Kill all process by matching name </li> </ul>  </li> <li>Traps<br /> <ul> <li>Apply to any process, when its startup is detected.</li> <li>Notify process has been created</li> <li>Kill it</li> <li>Hide the application</li> <li>Set always on top on/off</li> <li>Set transparency (alpha)</li> <li>Set desired priority</li> <li>Notify process destroyed/exited</li> <li>Set process affinity mask</li> <li>Keep windows position and size</li> </ul>  </li> <li>Kill menu: </li> <ul> <li>User-defined menu items. </li> <li>Every item has a process list and kill them when activated</li> <li>Four user-defined command lines to be executed if Ctrl-Shift-F1 to F4 combination is pressed. Works globally.</li> <li>Windows explorer contextual menu integration for files and folders</li> <li>Copy name of full path to clipboard</li> <li>Copy folder file listing to clipboard</li> <li>Open command line (CMD) in folder</li> <li>Check which process has a file opened</li> <li>Google folder or file name</li> </ul> </ul> <div style="text-align: justify;"> Optional global and customizable activation shortcut for showing <b>Daphne</b> main window. Tool for creating log file od every started and stopped process and applied traps. You can make configuration portable using INI file instead of <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> base configuration. </div> <ul> <li>Take care: </li> <ul> <li>process names may be eclipsed by <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malicious</a> software.</li> <li>Command line tool for accesing process list, and kill process by name or kill menu item</li> </ul> </ul> <div style="text-align: justify;"> Internationalization: Spanish, Italian, German, French, Chinese, Swedish, Valencian, Polish, Russian, Portuguese, Japanese, Arabic and Greek support.</div> <div style="text-align: justify;"> <br /> Enhanced (experimental) multidesktop feature: use up to four windows desktops using WindowsKey + F5 to F8. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Video Tutorials :: </b><a href="http://www.drk.com.ar/daphne.php" target="_blank">Click Here </a></div> <h3 style="text-align: justify;"> </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.drk.com.ar/daphne/Daphne_setup_x86.msi" target="_blank">Daphne-x86</a> (.msi) | <a href="http://www.drk.com.ar/daphne/Daphne_setup_x64.msi" target="_blank">Daphne-x64</a> (.msi)<b></b></div> <div style="text-align: justify;"> <b>Source Code :: </b><a href="http://www.drk.com.ar/daphne/Daphne-src.7z" target="_blank">Daphne Source Code</a> (.7z) <b>Official Website :: </b><a href="http://www.drk.com.ar/daphne.php">http://www.drk.com.ar/daphne.php</a><b> Submitted By ::</b> Leandro Fernández</div>

Daphne (Task Manager Replacement) :: Tools

Daphne is a small (system tray) application for killing, controlling and debugging Windows' processes. It was born to kill a wind...

Read more »

OCFA (Open Computer Forensics Architecture) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="OCFA Tools" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFBvdLhCyjycLRfN5dNkY5dJ8DhTpyO1-LAAjtlqcZoz2odPBUVyhs1KU3f-t8QDFAa_LJxuuVAVJRfE1niARh9DzFRqu_wZnESr3NRQFqR6wF8YVJceurWGKd0469rTy_vUIhApL46dEN/s1600/Computer-Forensics.jpg" title="OCFA TOols" /></div> </div> <div style="text-align: justify;"> The <b>Open Computer Forensics Architecture (OCFA)</b> is a modular computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> framework built by the Dutch National Police Agency [KLPD/Dutch]. The main goal is to automate the digital forensic process to speed up the <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">investigation</a> and give tactical investigators direct access to the seized data through an easy to use search and browse interface.<br /> <br /> The architecture forms an environment where existing <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic tools</a> and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence. The <b>Open Computer Forensics Architecture</b> aims to be highly modular, robust, fault tolerant, recursive and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and covers hundreds of evidence items.<br /> <br /> Modules in <b>OCFA</b> for reasons of fault tolerance are processes. The basic OcfaLib API makes it possible and relatively easy to build an <b>OCFA</b> module out of any data processing library or tool. OCFA comes with numerous such modules that are mostly wrappers around libraries like libmagic or tools such as those found in the <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">Sleuthkit</a>.<br /> <br /> The 2.2 version of OCFA (released April 2009) makes the previously internal OCFA treegraph API available for OCFA module development. The OCFA treegraph API allows more advanced dissectors that produce data and meta-data for a treegraph representation of an input file. The OCFA treegraph API also allows dissectors that are programed to be CarvFs aware to use zero storage <a href="http://www.toolwar.com/search/label/Carving" target="_blank">carving</a>.<br /> <br /> Communication between modules within OCFA is governed by a two layered communication infrastructure as provided by <b>OCFA</b>. At the lowest layer is a messaging system with at is center the OCFA Anycast Relay. The Anycast Relay provides the facilities of module crash resistance, distributed processing load balancing and flow control. At a higher level of communication, the OCFA XML Router provides for the routing of individual pieces of evidence through the most appropriate tool chain for its particular type of content.<br /> <br /> Although <b>OCFA</b> contains a rudimentary user interface, most of its power is in the backend architecture. The last and final module in the tool chain of any evidence will be the OCFA Data Store Module. This module processes the evidence XML (that contains all of the evidence data its meta data) and stores relevant parts into a postgesql database. Extending the apache based user interface with interfaces for your own case bound queries is something that should proof very useful in most investigations. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Wiki :: </b> <a href="http://ocfa.wiki.sourceforge.net/" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Installation ::</b> <a href="http://ocfa.sourceforge.net/files/InstallingOcfaOnUbuntu.pdf" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Practical Usages :: </b><a href="http://ocfa.sourceforge.net/files/PracticalUseOCFA.pdf" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/ocfa/files/latest/download" target="_blank">OCFA</a> (.tar.bz2)<br /> <b>Official Website ::</b> <a href="http://ocfa.sourceforge.net/">http://ocfa.sourceforge.net/</a></div>

OCFA (Open Computer Forensics Architecture) :: Framework

The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency [...

Read more »

Shellter (Dynamic Shellcode Injection) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Shellter Tool Image" border="0" height="361" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoCFTJcSTQINV_sfK7AZLw_70-JcIoAkc47RndYmYREK6nCYviWJX0NHZWC8v57DqpRcode3mTmcXkovY1gp7aZNEH08v3-Wcd-bg13_CPfeQuMQt7Fq7GftMh4LemIyth1rYp_V2KlFPS/s1600/Shellter+Image.JPG" title="Shellter Tool Image" width="640" /></div> <div style="text-align: justify;"> <b>Shellter</b> is a <b>dynamic shellcode injection tool</b>, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>, such as Metasploit.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Shellter </b>takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> access permissions in sections, adding an extra section with RWE access,and whatever would look dodgy under an AV scan.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application.</div> <div style="text-align: justify;"> <b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. <b>Shellter </b>will launch and trace the target, while at the same time will log the execution flow of the application. </div> <div style="text-align: justify;"> <b>Shellter</b> traces the entire execution flow that occurs in userland. That means, code inside the target application itself (PE image), and code outside of it that might be in a system dll or on a heap, etc. This happens in order to ensure that functions actually belonging to the target executable, but are only used as callback functions for Windows APIs will not be missed. However, the tracing engine will not log any instructions that are not in the memory range of the PE image of the target application, since these cannot be used as a reference to permanently inject the shellcode.</div> <div style="text-align: justify;"> <b>Why Need :: </b>Executables created through <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> are most likely detected by most AV vendors. By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit 'standalone' native Windows executable to host your shellcode. By 'standalone' means an executable that doesn't need any proprietary DLLs, apart from the system DLLs to load and run. For example, notepad.exe, and many other applications you can find online, or create by yourself as your own custom templates. You can also use applications that make use of proprietary DLLs if those are not required to create the process in the first place, and are normally loaded later on if needed to execute code for a specific task. In case you select an application that needs one or more proprietary DLLs to create the process in the first place then you will have to include them in the same directory from where you load the main executable. However, this is not recommended since it is more convenient to have just a single executable to upload to the target. </div> <h3> Tutorials ::</h3> <b>System Requirement ::</b> Windows XP SP3 (x32/x64) or Higher <br /> <b>Full Description :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Readme.txt" target="_blank">Click Here</a><br /> <b>Video Tutorial :: </b><a href="https://www.youtube.com/watch?v=91QmSy-dUEA" target="_blank">Click Here</a><br /> <h3> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Old/Shellter_v1.0.rar" target="_blank">Shellter v1.0 </a>(.rar)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://www.shellterproject.com/introducing-shellter/">https://www.shellterproject.com/introducing-shellter/</a></div>

Shellter (Dynamic Shellcode Injection) :: Tools

Shellter is a dynamic shellcode injection tool , and probably the first dynamic PE infector ever created. It can be used in order to inj...

Read more »

DFF (Digital Forensics Framework) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIl1DdbsO0WfC9qJDGu02Asu8jmU-fMvvGqJMnoXYIsycbH4eFW775XwZteITm_g2b8WSSdGZMbd7O8O3wZHb-6a1jsPqXb98HsFnIMVxzOlcFkVtQFC1j5SodKKFdqH5k_nWuugslcbtP/s1600/DFF+LOgo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="DFF Logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIl1DdbsO0WfC9qJDGu02Asu8jmU-fMvvGqJMnoXYIsycbH4eFW775XwZteITm_g2b8WSSdGZMbd7O8O3wZHb-6a1jsPqXb98HsFnIMVxzOlcFkVtQFC1j5SodKKFdqH5k_nWuugslcbtP/s1600/DFF+LOgo.png" title="DFF Logo" width="400" /></a></div> <div style="text-align: justify;"> <b>DFF (Digital Forensics Framework)</b> is a free and Open Source <b>computer forensics software</b> built on top of a dedicated Application Programming Interface (API). It can be used both by professional and non-expert people in order to quickly and easily collect, preserve and reveal digital evidences without compromising systems and data.</div> <h3 style="text-align: justify;"> Features :: </h3> <ul style="text-align: justify;"> <li>Preserve digital chain of custody - Software write blocker, cryptographic <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> calculation</li> <li>Access to local and remote devices - Disk drives, removable devices, remote file systems</li> <li>Read standard <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">digital forensics</a> file formats - Raw, Encase EWF, AFF 3 file formats</li> <li><a href="http://www.toolwar.com/search/label/Virtual" target="_blank">Virtual machine</a> disk reconstruction - VmWare (VMDK) compatible</li> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> and <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux OS</a> forensics - <a href="http://www.toolwar.com/search/label/Registry" target="_blank">Registry</a>, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems</li> <li>Quickly triage and search for (meta-)data - Regular expressions, dictionaries, content search, tags, time-line</li> <li><a href="http://www.toolwar.com/search/label/Recovery" target="_blank">Recover</a> hidden and deleted artifacts - Deleted files / folders, unallocated spaces, carving</li> <li>Volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory forensics</a> - Processes, local files, binary extraction, network connections</li> </ul> <div style="text-align: justify;"> <b>Digital Forensics Framework (DFF)</b> is an open source computer forensics software. It advertises the ability to be used by both professionals and non-experts to collect, preserve, and reveal digital evidence without compromising systems and data. </div> <div style="text-align: justify;"> <b>Digital Forensics Framework</b> offers two user interfaces, a graphical one developed in PyQt and providing classical tree view but also more advanced features such as recursive view, tagging, live search or bookmarking. Its command line interface enables to perform <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">digital investigation</a> remotely and comes with usual functionnalities available in common shell such as completion, tasks management, globing or keyboard shortcuts. DFF can also run batch scripts at startup to automate repetitive tasks. Advanced users and developers can also use DFF directly from a <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> interpreter to script their investigation.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>DFF Blog :: </b><a href="http://www.digital-forensic.org/blog/" target="_blank">Click Here</a><b><br /> </b></div> <b>DFF Wiki :: </b><a href="http://wiki.digital-forensic.org/" target="_blank">Click Here</a><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/02uZv72KS88?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Windows :: </b><a href="http://www.digital-forensic.org/en/downloads/dff/" target="_blank">DFF v1.3.0</a> (Free Edition)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://wiki.digital-forensic.org/index.php/Main_Page">http://wiki.digital-forensic.org/index.php/Main_Page</a></div>

DFF (Digital Forensics Framework) :: Framework

DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Progra...

Read more »

Liffy (Local File Inclusion Exploitation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Liffy Tool" border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" title="Liffy Tool" width="400" /></a></div> <div style="text-align: justify;"> <b>Liffy</b> is a tool to exploit local file inclusion <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> using the built-in wrappers php://input, data://, and a process control extension called 'expect'. <b>Liffy</b> is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.</div> <ul class="task-list" style="text-align: justify;"> <li>Updates * Now comes with ability to use poisoned Apache access logs, and php://filter for code execution and arbitrary file reads.</li> </ul> <div style="text-align: justify;"> <b>Liffy</b> requires the following libraries: requests, argparse, blessings, urlparse In order to host the payload you may use Node's HTTP server. Or you can simply spawn python's SimpleHTTPServer in /tmp on port 8000. Further development of the tool will eventually include spawning a built-in web server in order to download, for now you can adjust the location and port in the source code for your needs. These can be changed in core.py under the execute functions.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Example Use ::</b> ./liffy --url http://target/pdfs/vulnerable.php?= --data </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux | Windows | Mac :: </b><a href="https://github.com/rotlogix/liffy/archive/master.zip" target="_blank">Click Here</a><b><br /></b></div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://github.com/rotlogix/liffy">https://github.com/rotlogix/liffy</a></div>

Liffy (Local File Inclusion Exploitation) :: Tools

Liffy is a tool to exploit local file inclusion vulnerability using the built-in wrappers php://input, data://, and a process control ...

Read more »

Swift (Programming Language for iOS and OS X) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Swift Programming Language" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHLPRk4n2fNLfn9xWCpenPoEdy3NgFcyc_Lv36k6psamOuzRHW4Ps9ALpSPtXgelL4ecZYqkpxSOTN3BGzy9hdNeZItnPAw3FDZZZGtlIqhhfmJ0M-_M0ntROBfayLY-SsdWMnYjBbGtev/s1600/swift.jpg" title="Swift Programming Language" /></div> <div style="text-align: justify;"> <b>Swift</b> is an innovative new <a href="http://www.toolwar.com/search/label/Language" target="_blank">programming language</a> for <b>Cocoa and Cocoa Touch</b>. Writing code is interactive and fun, the syntax is concise yet expressive, and apps run lightning-fast. <b>Swift</b> is ready for your next <a href="http://www.toolwar.com/search/label/iOS" target="_blank">iOS</a> and OS X project — or for addition into your current app — because Swift code works side-by-side with Objective-C.</div> <div style="text-align: justify;"> <b>Swift</b> is a new programming language for creating<b> iOS and OS X apps</b>. Swift builds on the best of C and Objective-C, without the constraints of C compatibility. Swift adopts safe programming patterns and adds modern features to make programming easier, more flexible, and more fun. Swift’s clean slate, backed by the mature and much-loved Cocoa and Cocoa Touch frameworks, is an opportunity to reimagine how software development works. </div> <div style="text-align: justify;"> <b>Swift</b> is the result of the latest research on programming languages, combined with decades of experience building Apple platforms. Named parameters brought forward from Objective-C are expressed in a clean syntax that makes APIs in Swift even easier to read and maintain. Inferred types make code cleaner and less prone to mistakes, while modules eliminate headers and provide namespaces. <a href="http://www.toolwar.com/search/label/Memory" target="_blank">Memory</a> is managed automatically, and you don’t even need to type semi-colons.</div> <div style="text-align: justify;"> Swift has many other features to make your code more expressive:</div> <ul class="circle" style="text-align: justify;"> <li>Closures unified with function pointers</li> <li>Tuples and multiple return values</li> <li>Generics</li> <li>Fast and concise iteration over a range or collection</li> <li>Structs that support methods, extensions, protocols.</li> <li>Functional programming patterns, e.g.: map and filter</li> </ul> <h3 class="padding-top-20 padding-bottom-5" style="text-align: justify;"> Interactive Playgrounds</h3> <div style="text-align: justify;"> Playgrounds make writing <b>Swift code</b> incredibly simple and fun. Type a line of code and the result appears immediately. If your code runs over time, for instance through a loop, you can watch its progress in the timeline assistant. The timeline displays variables in a graph, draws each step when composing a view, and can play an animated SpriteKit scene. When you’ve perfected your code in the playground, simply move that code into your project. With playgrounds, you can:</div> <ul class="circle" style="text-align: justify;"> <li>Design a new algorithm, watching its results every step of the way</li> <li>Create new tests, verifying they work before promoting into your test suite</li> <li>Experiment with new APIs to hone your Swift coding skills</li> </ul> <div class="padding-top-10" style="text-align: justify;"> <b>Read-Eval-Print-Loop (REPL)</b>. The debugging console in Xcode includes an interactive version of the Swift language built right in. Use Swift syntax to evaluate and interact with your running app, or write new code to see how it works in a script-like environment. Available from within the Xcode console, or in Terminal.</div> <h3 class="padding-bottom-5" style="text-align: justify;"> Designed for Safety</h3> <div style="text-align: justify;"> <b>Swift</b> eliminates entire classes of unsafe code. Variables are always initialized before use, arrays and integers are checked for overflow, and memory is managed automatically. Syntax is tuned to make it easy to define your intent — for example, simple three-character keywords define a variable (var) or constant (let).</div> <div style="text-align: justify;"> The safe patterns in Swift are tuned for the powerful Cocoa and Cocoa Touch APIs. Understanding and properly handling cases where objects are nil is fundamental to the frameworks, and Swift code makes this extremely easy. Adding a single character can replace what used to be an entire line of code in Objective-C. This all works together to make building <a href="http://www.toolwar.com/search/label/iOS" target="_blank">iOS</a> and Mac apps easier and safer than ever before.</div> <h3 class="padding-top-30 padding-bottom-5" style="text-align: justify;"> Fast and Powerful</h3> <div style="text-align: justify;"> From its earliest conception, Swift was built to be fast. Using the high-performance LLVM compiler, Swift code is transformed into optimized native code, tuned to get the most out of modern Mac, iPhone, and iPad hardware. The syntax and standard library have also been tuned to make the most obvious way to write your code also perform the best.</div> <div style="text-align: justify;"> Swift takes the best features from the C and Objective-C languages. It includes low-level primitives such as types, flow control, and operators. It also provides object-oriented features such as classes, protocols, and generics, giving Cocoa and Cocoa Touch developers the performance and power they demand.</div> <h3 class="padding-top-30 padding-bottom-5" style="text-align: justify;"> Ready Today</h3> <div style="text-align: justify;"> You can begin using Swift code immediately to implement new features in your app, or enhance existing ones. New Swift code co-exists along side your existing Objective-C files in the same project, making it easy to adopt. And when iOS 8 and OS X Yosemite are released this fall, you can submit apps that use Swift to the App Store and Mac App Store.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/NQXnYeI6wJ4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> </h3> <h3 style="text-align: justify;"> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/c8BGQ3CfPBs?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>iTunes :: </b><a href="https://itunes.apple.com/us/book/the-swift-programming-language/id881256329?mt=11#" target="_blank">Click Here</a><b><br /></b></div> <div style="text-align: justify;"> <b>Swift :: </b><a href="https://itunes.apple.com/us/book/the-swift-programming-language/id881256329?mt=11" target="_blank">Click Here</a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://developer.apple.com/swift/">https://developer.apple.com/swift/</a></div> <div style="text-align: justify;"> <br /></div>

Swift (Programming Language for iOS and OS X) :: Tools

Swift is an innovative new programming language for Cocoa and Cocoa Touch . Writing code is interactive and fun, the syntax is concise...

Read more »

Second Look (Linux Memory Forensics) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both;">  <img border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj3s-HN2dZGFNYEv4wk6IGLmblttBSVAhyiADK6Tcg_sE6ucHyhB_M1xINBz418Iy8K5vLizCBYB253oHqRxFsyyY8VZykHyveoJ2XteU5fG4hbI2gGuQ-r6z4iNVCrNR0thbZCaMasHa_/s1600/secondlook.jpg" width="640" /></div> The Incident Response edition of <b>Second Look®: Linux Memory Forensics</b> is designed for use by investigators who need quick, easy, and effective <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory acquisition</a> and analysis capabilities. Second Look® is a product of Raytheon Pikewerks Corporation. </div> <h3 style="text-align: justify;"> <span class="mw-headline" id="Memory_Acquisition"> Memory Acquisition::</span></h3> <div style="text-align: justify;"> <b>Second Look®</b> preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line</a> script allows for acquisition of <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory. </div> <h3 style="text-align: justify;"> <span class="mw-headline" id="Memory_Analysis"> Memory Analysis ::</span></h3> <div style="text-align: justify;"> <b>Second Look® </b>interprets live system memory or captured memory images, detecting and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse engineering</a> malware, including stealthy kernel <a href="http://www.toolwar.com/search/label/Rootkit" target="_blank"> rootkits</a> and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel. Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels. </div> <div style="text-align: justify;"> <b>Second Look®</b> also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>. </div> <h3 style="text-align: justify;"> <span class="mw-headline" id="Supported_Systems"> Supported Systems ::</span></h3> <div style="text-align: justify;"> Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">Linux distributions</a>. The following are its capabilities as of April 2012: </div> <ul style="text-align: justify;"> <li> Supported target kernels: 2.6.x, 3.x up to 3.2 </li> <li> Supported target architectures: x86 32- and 64-bit </li> <li> Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more! </li> </ul> <h3 style="text-align: justify;"> Product features (Second Look Incident Response Edition) ::</h3> <ul style="text-align: justify;"> <li>Memory acquisition and analysis for all 32- and 64-bit x86 (i386/i486/i586/i686, amd64/x86_64) Linux systems running 2.6- and 3-series kernels. This includes: <ul> <li>Amazon Linux 2010.11 through 2014.03, and higher;</li> <li>Debian 4 through 7, and higher;</li> <li>Fedora 2 through 20, and higher;</li> <li>Red Hat Enterprise Linux (RHEL) and CentOS 4.x, 5.x, 6.x, and higher;</li> <li>Ubuntu 4.10 through 14.04, and higher;</li> <li>and other distributions.</li> </ul> </li> <li>Analysis via command line interface (CLI) or graphical user interface (GUI) applications which run on Ubuntu 12.04 (32- or 64-bit) or RHEL/CentOS 6.x (64-bit).</li> <li>Automatic kernel version identification — just select a memory image and go.</li> <li>Supported memory image formats: <ul> <li>raw physical memory images ("mem" format — as produced by secondlook-memdump, Inception, and other tools);</li> <li>SLM memory images ("slm" format — a high-performance compressed memory image format used by Second Look Enterprise Security Edition);</li> <li>LiME memory images ("lime", "padded", or LiME "raw" formats — "lime" and LiME "raw" formats require conversion with secondlook-lime2mem or secondlook-limeraw2mem, respectively ‐ LiME "padded" is the equivalent of a raw physical memory image);</li> <li>VMware virtual machine snapshots ("vmem", "vmsn", or "vmss" formats — "vmsn" and "vmss" formats, as well as "vmem" files from VMs with >4GB RAM, require conversion with VMware's vmss2core and secondlook-core2mem);</li> <li>VirtualBox snapshots ("vbc" format — via conversion with secondlook-vbc2mem); and</li> <li>KVM Libvirt-QEMU-Save or QEMU-savevm snapshots ("lqs" or "qsv" formats — via conversion with lqs2mem, originally secondlook-lqs2mem, now an open source project).</li> </ul> </li> <li>Support for analysis of memory images from systems running either distribution stock kernels or custom kernels.</li> <li>Support for analysis of memory images from Amazon EC2 instances (under both pv and hvm virtualization types).</li> <li>Access to a repository of over 9000 ZRKs (Zipped Reference Kernels) providing the metadata and baseline for analysis and verification of CentOS, Debian, Fedora, RHEL, and Ubuntu stock kernels.</li> <li>An easy-to-use tool for creation of ZRKs for other distributions or for custom kernels.</li> <li>Second Look ZRKs can also be used as Volatility profiles.</li> <li>Integrity verification of the kernel and processes in memory.</li> <li>Access to a pagehash database containing hashes of the executable code pages of the ELF executables and shared libraries from over 2 million software packages from the Amazon, CentOS, Debian, Fedora, RHEL, and Ubuntu distributions.</li> <li>An easy-to-use tool for the addition of pagehashes supporting verification of custom or third-party software.</li> <li>Detection of kernel rootkits, backdoors, and other kernel-mode malware (known and unknown varieties).</li> <li>Detection of shared library rootkits, keyloggers, spyware, injected libraries, injected threads, and other user-mode malware (known and unknown varieties).</li> <li>Detection of unknown or unauthorized processes.</li> <li>Recovery of device mapper crypto keys for LUKS, TrueCrypt, and other full disk encryption schemes.</li> <li>Extraction of system state from captured memory images, including loaded kernel modules, running processes, memory mappings, open files, active network connections, and more. Output is available in the GUI, in plain text from the CLI, and in JSON format for ingestion by other programs.</li> <li>Offline usage is supported via a subscription to our ZRK and pagehash reference data feeds.</li> </ul> <h3 style="text-align: justify;"> More Reasons to Choose Second Look</h3> <div style="text-align: justify;"> Beyond the unique and powerful Linux Incident Response feature set listed above, what sets Second Look apart is the team behind it and the quality of the software they deliver. </div> <ul style="text-align: justify;"> <li>The Second Look Team provides professional support via phone and email, with on-site consulting services available. You get direct access to experts in Linux system internals and security.</li> <li>Customer feedback often quickly leads to new features.</li> <li>Second Look ships with comprehensive documentation, including a User Guide with explanations of the techniques most commonly used by attackers to maintain stealthy persistence on Linux systems.</li> <li>Second Look is regression tested against a large suite of sample memory images to ensure maximum quality and compatibility.</li> <li>If you like the visibility that Second Look gives you during investigations, you can upgrade to the Enterprise Security edition to monitor your systems on an ongoing basis.</li> </ul> <ul style="text-align: justify;"> </ul> <h3 style="text-align: justify;"> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wt326aXmDMA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b>$1495 (USD) | <a href="http://secondlookforensics.com/contact/" target="_blank">Contact Here</a> for Purchase</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://secondlookforensics.com/">http://secondlookforensics.com/</a></div>

Second Look (Linux Memory Forensics) :: Tools

  The Incident Response edition of Second Look®: Linux Memory Forensics is designed for use by investigators who need quick, easy, and e...

Read more »