Re: Exploit package analysis

From: Mattias Ahnberg (mattias_at_ahnberg.pp.se)
Date: 07/29/05

  • Next message: Ivan C: "Re: IPS Comparison"
    Date: Fri, 29 Jul 2005 13:35:13 +0200
    To: pen-test@securityfocus.com
    
    

    Erin Carroll wrote:
    > My question to all of you is what are some basic sandbox tools you would
    > recommend to pursue this? Does anyone work in a similar vein and has the
    > experience been helpful in your pen-testing work?

    I normally use VMware with one or more boxes in a virtual VMware-internal
    network to test things out. It's easy to take a snapshot, entirely trash a
    system, press a button and revert all changes back to the state it was in
    before you began. A _huge_ timesaver when debugging & analyzing.

    In Windows I run tools like ethereal, sysinternals tools (filemon, regmon
    and whatever else suits your current needs) and ollydbg for example. As a
    complement to the Windows box I usually have another virtual machine alive
    with Linux on it; I run a VMware internal network and use the Linux box as
    default gateway for the Windows box, and therefore see all traffic that
    the box attempts to send out when infected.

    On the Linux (or whatever OS you favor at the time) box it is useful to
    run something like dsniff's arpspoof & dnsspoof.

    There are a million ways you can do things like this. But perhaps this is
    of some use to someone. :)

    -- 
    /ahnberg.
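An added example, not part of the original post, of the gateway-side view the reply describes: a small Python script that parses iptables LOG lines written by the Linux gateway VM and summarizes where the sandboxed Windows VM tried to connect. It assumes a FORWARD rule on the gateway such as `iptables -A FORWARD -s 192.168.100.0/24 -o eth0 -j LOG --log-prefix "SANDBOX-OUT "`; the sandbox address 192.168.100.10 and the log lines below are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in iptables LOG format, as the Linux gateway VM
# would write them for packets forwarded from the sandboxed Windows VM.
SAMPLE_LOG = """\
Jul 29 13:40:01 gw kernel: SANDBOX-OUT IN=eth1 OUT=eth0 SRC=192.168.100.10 DST=192.168.100.1 LEN=60 TTL=127 ID=1 PROTO=UDP SPT=1030 DPT=53 LEN=40
Jul 29 13:40:02 gw kernel: SANDBOX-OUT IN=eth1 OUT=eth0 SRC=192.168.100.10 DST=203.0.113.5 LEN=48 TTL=127 ID=2 DF PROTO=TCP SPT=1031 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 29 13:40:02 gw kernel: SANDBOX-OUT IN=eth1 OUT=eth0 SRC=192.168.100.10 DST=203.0.113.5 LEN=48 TTL=127 ID=3 DF PROTO=TCP SPT=1032 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 29 13:40:05 gw kernel: SANDBOX-OUT IN=eth1 OUT=eth0 SRC=192.168.100.10 DST=198.51.100.77 LEN=48 TTL=127 ID=4 DF PROTO=TCP SPT=1033 DPT=6667 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 29 13:40:09 gw kernel: SANDBOX-OUT IN=eth1 OUT=eth0 SRC=192.168.100.10 DST=198.51.100.77 LEN=48 TTL=127 ID=5 DF PROTO=TCP SPT=1034 DPT=6667 WINDOW=65535 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line as a dict, or None
    if the line lacks the SANDBOX-OUT prefix (assumed log-prefix of the rule)."""
    if "SANDBOX-OUT" not in line:
        return None
    return dict(FIELD_RE.findall(line))


def summarize(log_text, sandbox_src="192.168.100.10"):
    """Count outbound connection attempts from the sandbox VM, keyed by
    (destination IP, protocol, destination port). TCP is counted only on the
    bare SYN flag (new connections); UDP is counted per datagram."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None or f.get("SRC") != sandbox_src:
            continue
        if f.get("PROTO") == "TCP" and " SYN " not in line:
            continue
        counts[(f["DST"], f["PROTO"], int(f["DPT"]))] += 1
    return counts


def suspicious_destinations(counts, allowed_ports=(53,)):
    """Destinations on ports outside the expected set, most attempts first;
    these are the candidates to feed into a dnsspoof/sinkhole setup."""
    hits = [(dst, proto, port, n)
            for (dst, proto, port), n in counts.items() if port not in allowed_ports]
    return sorted(hits, key=lambda h: (-h[3], h[0]))


if __name__ == "__main__":
    for dst, proto, port, n in suspicious_destinations(summarize(SAMPLE_LOG)):
        print(f"{dst:>16} {proto}/{port:<5} {n} attempt(s)")
```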