[TOOL] .NETMon - .NET Flow Tracing

From: SecuriTeam (support_at_securiteam.com)
Date: 05/17/05

    To: list@securiteam.com
    Date: 17 May 2005 11:14:01 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      .NETMon - .NET Flow Tracing
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    The information from .NET hooks can be used to build tools capable of
    analyzing code timings, exception handling, and memory usage. Foundstone's
    interest in the profiling API was to develop a flow analysis tool that
    gives auditors the capability of following the flow of function calls to
    better understand the code execution and ferret out the vulnerabilities
    that may exist in the application.

    Flow tracing is a useful part of application debugging and analysis. For
    every test case written to check the reliability of the code, the ability
    to follow the execution flow and check for code coverage is of immense
    value to developers, debuggers, and testers. Foundstone introduces
    .NETMon to equip developers and debuggers with a tool that allows them
    to do organized flow tracing of applications and to identify security
    loopholes.

    The profiling APIs do not require any code additions or modifications, so
    an application can be profiled without being changed. Their event-driven
    design allows the definition of the events that should be sent to the
    'listener' application. With the current version, there is some
    performance impact because the events are monitored by the
    FunctionEnter and FunctionLeave hooks, which are fired for each managed
    method executed by the CLR. This issue will be addressed in the next
    version of .NETMon, which will resolve the function's signature (return
    type, namespace, method name and parameters) asynchronously.

    ADDITIONAL INFORMATION

    The information has been provided by Curphey, Mark
    (mark.curphey@foundstone.com).
    To keep updated with the tool visit the project's homepage at:
    http://www.foundstone.com
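
The enter/leave tracing and deferred signature resolution described under DETAILS, as an added C++ model that is not part of the original advisory and is not .NETMon or CLR profiling API code. The FlowTracer class, the FuncId values and the method signatures are constructed for illustration.

```cpp
// Added illustration: a model of enter/leave flow tracing, not .NETMon code.
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <vector>

using FuncId = std::uintptr_t;  // opaque per-method token (constructed)
enum class Kind { Enter, Leave };
struct Event { Kind kind; std::uint32_t thread; FuncId func; };

class FlowTracer {
public:
    // Hot path: runs once per method entry/exit, so it records only the raw
    // id. No name lookup or string formatting happens here.
    void on_enter(std::uint32_t t, FuncId f) { events_.push_back({Kind::Enter, t, f}); }
    void on_leave(std::uint32_t t, FuncId f) { events_.push_back({Kind::Leave, t, f}); }

    // Deferred step: resolve ids to signatures and rebuild the call flow with
    // one stack per thread. A leave that does not match the top of its
    // thread's stack is flagged instead of silently dropped.
    std::vector<std::string> render(const std::map<FuncId, std::string>& sigs) const {
        std::map<std::uint32_t, std::vector<FuncId>> stacks;
        std::vector<std::string> out;
        for (const Event& e : events_) {
            auto& st = stacks[e.thread];
            auto it = sigs.find(e.func);
            std::string name = it != sigs.end() ? it->second : "<unresolved>";
            std::string tag = "[t" + std::to_string(e.thread) + "] ";
            if (e.kind == Kind::Enter) {
                out.push_back(tag + std::string(2 * st.size(), ' ') + "-> " + name);
                st.push_back(e.func);
            } else if (!st.empty() && st.back() == e.func) {
                st.pop_back();
                out.push_back(tag + std::string(2 * st.size(), ' ') + "<- " + name);
            } else {
                out.push_back(tag + "!! unbalanced leave: " + name);
            }
        }
        return out;
    }
private:
    std::vector<Event> events_;
};

// Constructed sample: two interleaved threads, one leave without an enter.
std::vector<std::string> demo() {
    FlowTracer t;
    t.on_enter(1, 0x10); t.on_enter(2, 0x30); t.on_enter(1, 0x20);
    t.on_leave(1, 0x20); t.on_leave(2, 0x40); t.on_leave(1, 0x10);
    return t.render({{0x10, "void App.Login::Submit(string,string)"},
                     {0x20, "bool App.Auth::Check(string,string)"},
                     {0x30, "void App.Worker::Run()"}});
}
int main() { for (const auto& l : demo()) std::cout << l << "\n"; }
```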
