RE: Exploit package analysis

• Previous message: joekim13_at_securityfocus.com: "Re: IPS comparison"
• In reply to: Erin Carroll: "Exploit package analysis"
• Next in thread: mark.handy_at_morganstanley.com: "Re: RE: Exploit package analysis"
• Maybe reply: mark.handy_at_morganstanley.com: "Re: RE: Exploit package analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Erin Carroll'" <amoeba@amoebazone.com>, <pen-test@securityfocus.com>
Date: Fri, 29 Jul 2005 13:42:29 -0600

Erin,

The sandbox that I set up to run things like malware or test new
technologies in is vmware. You can set up any type of environment you want
and if set up properly can contain whatever it is you want to contain. If
something happens to the OS within vmware, you simply reload the image and
your good to go again.

Matt

-----Original Message-----
From: Erin Carroll [mailto:amoeba@amoebazone.com]
Sent: Thursday, July 28, 2005 10:45 AM
To: pen-test@securityfocus.com
Subject: Exploit package analysis

All,

Some of the fun of moderating this list is getting a wide exposure to
aspects of pen-testing I have yet to tackle. One thing managing the list has
prompted me to explore is exploit/code package analysis... thanks to all the
spam I get to sift through :)

In addition to worrying about my poker game, manly endowment & performance,
and Rolex collection (once I get money from my friends in Nigeria), I get a
lot of spams with attachments, usually .zip, that are obviously malware that
I'd like to open up safely and see how they tick. I'm hoping to pick up some
interesting pen-test techniques by looking at the current state of malware
exploits to see how they work/reproduce/hide at the system level. While most
of them I assume will be run-of-the-mill spambot or zombie generators,
there's always a chance of running across a 0-day in the wild.

My question to all of you is what are some basic sandbox tools you would
recommend to pursue this? Does anyone work in a similar vein and has the
experience been helpful in your pen-testing work?

--
Erin Carroll
"Do Not Taunt Happy-Fun Ball" 

• Previous message: joekim13_at_securityfocus.com: "Re: IPS comparison"
• In reply to: Erin Carroll: "Exploit package analysis"
• Next in thread: mark.handy_at_morganstanley.com: "Re: RE: Exploit package analysis"
• Maybe reply: mark.handy_at_morganstanley.com: "Re: RE: Exploit package analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Exploit package analysis ... malware, I recommended running it on a separate box and following ... Subject: Exploit package analysis ... aspects of pen-testing I have yet to tackle. ... spam I get to sift through:) ... (Pen-Test) RE: Exploit package analysis ... to a fresh OS state after a malware analyzing session. ... > Subject: Exploit package analysis ... > exposure to aspects of pen-testing I have yet to tackle. ... thanks to all the spam I get ... (Pen-Test) Re: Rootkits ... Keep in mind that a lot of malware today detects ... VMWare and, in case it's running in a virtual machine, exits or does ... vulnerability management needs. ... Download FREE whitepaper on how a managed service can help you: ... (Pen-Test) RE: Exploit package analysis ... but those as internal malware findings. ... a sense of where and what is doing external in a sandbox. ... RCE using IDA is at the core of analyzing malware and you have ... a UPX unpacker, it loaded the file into memory and ran it. ... (Pen-Test) Exploit package analysis ... aspects of pen-testing I have yet to tackle. ... spam I get to sift through:) ... interesting pen-test techniques by looking at the current state of malware ... experience been helpful in your pen-testing work? ... (Pen-Test)