FEATURED TOOL

Dealing with Unknown Code and Malware Attacks using The Memory Cruncher
Built on BlockWatch Technology

Determining if you're compromised can be a complex process. You need to analyze all the components of a virus, APT, or other unauthorized activity and use several different (and sometimes difficult) approaches to be successful. One useful method is memory analysis.

IOActive's BlockWatch does that for you. It is the largest available hash database, containing 400+ million integrity checks. It provides software assurance and high-integrity verification of the volatile memory in Windows-based systems. The IOActive Memory Cruncher is a free Software as a Service (SaaS) application that gives you instant access to BlockWatch's network-hosted secure hash whitelist.

The Memory Cruncher addresses the complex challenges associated with integrity attestation. It interprets physical memory snapshots, normalizes inputs, and ensures completeness. You can easily generate reports in Microsoft Word or simply browse to get a good idea about what is really running on your computer.

HARDWARE LAB

VIDEO: Brief overview of services available from the expanded IOActive Hardware Lab. View here or via YouTube. (3:13)

FEATURED RESEARCH

Discover a wealth of useful and interesting information from the IOActive research team, ranging from white papers to presentations to case studies and more. And don't miss our popular Blog.
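To make the page-hash whitelisting idea concrete, here is an added example written for this page; it is not BlockWatch or Memory Cruncher code, whose formats and database are not described here. It hashes a constructed memory image page by page, zeroes relocated pointer slots before hashing so a module loaded at an ASLR'd base still matches the vendor image (the "normalizes inputs" step), and classifies every page of a snapshot as known, unknown or zero. The module layout, the relocation offsets, the module name and the injected jmp are all assumptions made up for the demo; a real implementation would take relocation slots from the module's relocation table.

```python
import hashlib
import struct

PAGE = 4096  # x86 page size; the whitelist is keyed per page


def normalize_page(block: bytes, reloc_offsets) -> bytes:
    """Zero every 8-byte slot the loader relocates, so the same code hashes the
    same whether it was loaded at its preferred base or wherever ASLR put it.
    Assumption (constructed example): 64-bit absolute pointers, none straddling a page."""
    buf = bytearray(block)
    for off in reloc_offsets:
        buf[off:off + 8] = b"\0" * 8
    return bytes(buf)


def page_hashes(image: bytes, relocs=()):
    """SHA-256 of each page-aligned block of `image` after relocation
    normalization. `relocs` holds image offsets of relocated pointers."""
    hashes = []
    for off in range(0, len(image), PAGE):
        blk = image[off:off + PAGE].ljust(PAGE, b"\0")
        in_page = [r - off for r in relocs if off <= r < off + PAGE]
        hashes.append(hashlib.sha256(normalize_page(blk, in_page)).hexdigest())
    return hashes


def build_whitelist(known):
    """known: {name: (image_bytes, reloc_offsets)} -> set of page hashes."""
    wl = set()
    for image, relocs in known.values():
        wl.update(page_hashes(image, relocs))
    return wl


def attest(snapshot: bytes, whitelist, relocs=()):
    """Classify each page of a memory snapshot: 'zero' (untouched), 'known'
    (hash is in the whitelist) or 'unknown' (code nobody vouched for)."""
    report = []
    for idx, h in enumerate(page_hashes(snapshot, relocs)):
        raw = snapshot[idx * PAGE:(idx + 1) * PAGE]
        if raw.count(0) == len(raw):
            status = "zero"
        elif h in whitelist:
            status = "known"
        else:
            status = "unknown"
        report.append({"page": idx, "sha256": h, "status": status})
    return report


def build_module(base: int) -> bytes:
    """Constructed stand-in for a loaded module: pages 0 and 2 are 'code',
    page 1 holds one absolute pointer (base + 0x1000) at offset 16."""
    p0 = bytes(range(256)) * (PAGE // 256)
    p1 = bytearray(b"\x90" * PAGE)
    p1[16:24] = struct.pack("<Q", base + 0x1000)
    p2 = b"\x48\x89\xe5\xc3" * (PAGE // 4)
    return p0 + bytes(p1) + p2


MODULE_RELOCS = [PAGE + 16]  # the single relocated pointer lives in page 1


def demo():
    # Whitelist built from the module as the vendor shipped it (constructed name).
    whitelist = build_whitelist({"example.dll": (build_module(0x140000000), MODULE_RELOCS)})
    # Live snapshot: same module at an ASLR'd base, page 2 patched with an
    # inline hook (jmp rel32), followed by an untouched zero page.
    snap = bytearray(build_module(0x7FF6_1234_0000))
    snap[2 * PAGE:2 * PAGE + 5] = b"\xe9\x00\x10\x00\x00"
    snap += b"\0" * PAGE
    with_norm = [p["status"] for p in attest(bytes(snap), whitelist, MODULE_RELOCS)]
    without_norm = [p["status"] for p in attest(bytes(snap), whitelist)]
    return with_norm, without_norm


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints the two classifications: with normalization only the hooked page is unknown; without it the page holding the relocated pointer is reported as unknown too, which is the false positive a whitelist like this has to engineer away before it is usable on real systems.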
inVtero.net

Expanding on process detection into microarchitecture-independent hypervisor introspection. The aim of inVtero.net is to provide very high performance, high assurance interfaces for working with physical memory dumps: isolation and extraction of process memory, including recursive introspection of any VMs/hypervisors that may be running.

DOWNLOAD FROM GITHUB

BLOG

In-Flight Hacking System
Polarbearscan

This tool achieves faster and more efficient banner grabbing and port scanning by combining two existing ideas. It uses stateless SYN scanning with cryptographically protected cookies to validate incoming acknowledgements, and a patched userland TCP/IP stack so the scanner can restore connection state immediately upon receiving a cryptographically verified packet with both the SYN and ACK flags set. Please note that the scanner currently only supports IPv4-based scanning, and it will only work properly over Ethernet-type (wired or wireless) interfaces. There are no plans to support IPv6 or other interface types in the near future.

DOWNLOAD SOURCE

WHITEPAPER

A Wake-Up Call For SATCOM Security, by Ruben Santamarta

Satellite Communications (SATCOM) play a vital role in the global telecommunications system. IOActive evaluated the security posture of the most widely deployed Inmarsat and Iridium SATCOM terminals.

LAUNCH PDF

Melkor Fuzzer for ELF

Alejandro Hernández is a Senior Security Consultant for IOActive. His tool assists with testing the ELF parsing process. Melkor, written in C, is an intuitive and easy-to-use ELF file format fuzzer. It mutates the existing data in an ELF sample; however, it does not change values randomly (dumb fuzzing). Instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules. To achieve higher code/branch coverage during testing, certain metadata dependencies must be kept in place.

DOWNLOAD SOURCE
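As an added illustration of rule-based (rather than random) ELF metadata fuzzing with dependencies kept intact, the following is example code written for this page, not Melkor's own source. It builds a constructed minimal ELF64 file, mutates one header field at a time using boundary ("semi-valid") values, and keeps e_shstrndx consistent with e_shnum so a parser reaches the mutated field instead of rejecting the header early. Field names follow the ELF specification; the candidate lists, the field selection and the sample layout are assumptions chosen for the demo.

```python
import random
import struct

# Elf64_Ehdr, little-endian, 64 bytes
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
FIELDS = ["e_ident", "e_type", "e_machine", "e_version", "e_entry", "e_phoff",
          "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
          "e_shentsize", "e_shnum", "e_shstrndx"]
SHN_UNDEF = 0


def parse_ehdr(data: bytes) -> dict:
    return dict(zip(FIELDS, EHDR.unpack_from(data, 0)))


def pack_ehdr(hdr: dict, data: bytes) -> bytes:
    return EHDR.pack(*[hdr[f] for f in FIELDS]) + data[EHDR.size:]


def build_sample() -> bytes:
    """Constructed minimal ELF64 x86-64 executable: header, one zeroed program
    header at offset 64, three zeroed section headers at offset 120 (312 bytes)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELFCLASS64, LSB, v1, SYSV
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, 0x401000, 64, 120, 0, 64, 56, 1, 64, 3, 2)
    return ehdr + b"\0" * 56 + b"\0" * (64 * 3)


def candidates(field: str, hdr: dict, size: int) -> list:
    """Fuzzing rules: semi-valid values on the boundaries a parser has to reason
    about (off-by-one entry sizes, offsets at/over EOF, huge counts), derived
    from the sample's own metadata rather than drawn at random."""
    shent = hdr["e_shentsize"] or 64
    phent = hdr["e_phentsize"] or 56
    rules = {
        "e_shoff": [max(0, size - shent * hdr["e_shnum"]), size - 1, size, size + 1,
                    1 << 63, hdr["e_shoff"] + 1],
        "e_shnum": [0, 1, hdr["e_shnum"] + 1, (size - hdr["e_shoff"]) // shent + 1, 0xFFFF],
        "e_shentsize": [0, 63, 65, 0xFFFF],
        "e_shstrndx": [hdr["e_shnum"], 0xFFFF, SHN_UNDEF],
        "e_phoff": [max(0, size - phent * hdr["e_phnum"]), size, 1 << 63, 0],
        "e_phnum": [0, (size - hdr["e_phoff"]) // phent + 1, 0xFFFF],
        "e_phentsize": [0, 1, 55, 57, 0xFFFF],
        "e_ehsize": [0, 63, 65, 0xFFFF],
    }
    return rules[field]


RULE_FIELDS = ["e_shoff", "e_shnum", "e_shentsize", "e_shstrndx",
               "e_phoff", "e_phnum", "e_phentsize", "e_ehsize"]


def enforce_dependencies(hdr: dict, mutated: str) -> None:
    """Keep metadata the target consults *before* the mutated field consistent,
    so execution reaches the interesting code path. When e_shstrndx itself is
    the fuzzed field, leave its out-of-range value alone."""
    if mutated != "e_shstrndx":
        if hdr["e_shnum"] == 0:
            hdr["e_shstrndx"] = SHN_UNDEF
        elif hdr["e_shstrndx"] >= hdr["e_shnum"]:
            hdr["e_shstrndx"] = hdr["e_shnum"] - 1


def mutate(sample: bytes, rng: random.Random):
    hdr = parse_ehdr(sample)
    field = rng.choice(RULE_FIELDS)
    value = rng.choice(candidates(field, hdr, len(sample)))
    hdr[field] = value
    enforce_dependencies(hdr, field)
    return field, value, pack_ehdr(hdr, sample)


def generate(sample: bytes, count: int, seed: int = 0) -> list:
    rng = random.Random(seed)
    return [mutate(sample, rng) for _ in range(count)]


if __name__ == "__main__":
    for field, value, data in generate(build_sample(), 5, seed=1):
        print(f"{field}={value:#x} magic={data[:4]!r}")
```

Each mutant is a complete file that can be handed to readelf, a loader or a custom parser; only the header changes, and the ELF magic is never touched so the parser always gets past the first check.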
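The Polarbearscan entry above describes stateless SYN scanning with cryptographically protected cookies. The following added example, written for this page rather than taken from Polarbearscan (which drives a real userland TCP/IP stack), shows the idea on constructed packet dictionaries: the probe's initial sequence number is a truncated HMAC over the target tuple, a reply is accepted only if its acknowledgement number equals that cookie plus one, and the scanner rebuilds its side of the handshake from the cookie alone to send the final ACK. The packet field names, the per-scan secret and the sample replies are assumptions of the example.

```python
import hashlib
import hmac
import os
import struct

SYN, RST, ACK = 0x02, 0x04, 0x10
MASK32 = 0xFFFFFFFF


def syn_cookie(secret: bytes, ip: str, port: int, sport: int) -> int:
    """32-bit ISN for a probe: truncated HMAC over (target ip, target port, our
    source port). Nobody without `secret` can predict it, so a reply carrying
    the right ack number proves the target really answered our probe."""
    tag = hmac.new(secret, f"{ip}:{port}:{sport}".encode(), hashlib.sha256).digest()
    return struct.unpack(">I", tag[:4])[0]


def make_probe(secret: bytes, ip: str, port: int, sport: int = 40000) -> dict:
    """SYN packet; no per-target state is kept once it leaves."""
    return {"dst": ip, "dport": port, "sport": sport, "flags": SYN,
            "seq": syn_cookie(secret, ip, port, sport), "ack": 0}


def classify_reply(secret: bytes, reply: dict) -> str:
    """Reply fields are as seen by the scanner: src/sport belong to the target,
    dport is the source port we probed from."""
    if not reply["flags"] & ACK:
        return "ignored"  # nothing to verify (stray SYN, bare RST, ...)
    expected = (syn_cookie(secret, reply["src"], reply["sport"], reply["dport"]) + 1) & MASK32
    got = reply["ack"] & MASK32
    if not hmac.compare_digest(struct.pack(">I", expected), struct.pack(">I", got)):
        return "forged"  # not a response to a probe we sent, or spoofed
    if reply["flags"] & SYN:
        return "open"
    if reply["flags"] & RST:
        return "closed"
    return "ignored"


def complete_handshake(secret: bytes, reply: dict) -> dict:
    """Restore our side of the connection from the cookie alone and emit the
    third-leg ACK, so a banner grab can follow without any stored state."""
    cookie = syn_cookie(secret, reply["src"], reply["sport"], reply["dport"])
    return {"dst": reply["src"], "dport": reply["sport"], "sport": reply["dport"],
            "flags": ACK, "seq": (cookie + 1) & MASK32,
            "ack": (reply["seq"] + 1) & MASK32}


def demo(secret=None) -> dict:
    """Constructed replies from 10.0.0.5: port 80 open, 8080 closed, and a
    spoofed SYN/ACK for 443 whose ack number does not verify."""
    secret = secret or os.urandom(16)
    p80 = make_probe(secret, "10.0.0.5", 80)
    p8080 = make_probe(secret, "10.0.0.5", 8080)
    replies = {
        "synack_80": {"src": "10.0.0.5", "sport": 80, "dport": 40000, "flags": SYN | ACK,
                      "seq": 0x11223344, "ack": (p80["seq"] + 1) & MASK32},
        "rstack_8080": {"src": "10.0.0.5", "sport": 8080, "dport": 40000, "flags": RST | ACK,
                        "seq": 0, "ack": (p8080["seq"] + 1) & MASK32},
        "spoofed_443": {"src": "10.0.0.5", "sport": 443, "dport": 40000, "flags": SYN | ACK,
                        "seq": 0x55667788, "ack": 0xDEADBEEF},
    }
    return {name: classify_reply(secret, r) for name, r in replies.items()}


if __name__ == "__main__":
    print(demo())
```

Because the cookie is recomputed from the reply's own source address and port, the scanner needs no table of outstanding probes, and a third party who did not see the secret cannot inject a convincing SYN/ACK to mark a port open.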
IOAQRF (beta)

This tool, written by Simon Roses Femerling, consists of two files: a Python script that generates QR fuzz patterns and a shell script that generates common QR code content that apps use, such as phone numbers, SMS messages, and URLs.

DOWNLOAD SOURCE

MEDIA

Car Hacking 2 With IOActive's Chris Valasek & Twitter's Charlie Miller

Watch this video clip shot by FORBES showing how Chris and Charlie control cars with CAN message injections.

WATCH VIDEO

DDS Fuzzers

This collection of fuzzers can fuzz DHCP servers, iCalendar parsers, IRC clients, socket system calls, UNIX system calls, and TFTP servers. It also includes mangle.c, a binary file dumb fuzzer that flips some bits. Written in C, Perl, and Python, most of these tools are straightforward and contain only a couple of hundred lines of code.

DOWNLOAD SOURCE

TOOLS & APPLICATIONS

BlockWatch BETA

BlockWatch helps enable a trusted cloud infrastructure. It analyzes the memory acquired from hypervisor-type cloud infrastructures and alerts you if any unknown code is running.

NTLM Web Proxy

Simple and precise, this tool gives you a proxy that presents a spoofed NTLM authentication request to a domain-joined client and then forwards the NTLM challenge/response sequence to a targeted server. It works just like SMB reflection, but over HTTP.

DOWNLOAD SOURCE
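To show why an HTTP NTLM relay of the kind described above works, here is an added simulation written for this page; it is not the NTLM Web Proxy's code and does not use real NTLM message formats or the real NT hash. A client holding the secret answers whatever challenge the proxy presents, and the proxy forwards that answer to the target, which accepts it because the response never depended on who asked. The second run models the standard countermeasure, binding the response to the service name the client believes it is talking to (what service/channel binding does), which makes the relayed response fail at the target. The key derivation, message shapes, account, hostnames and service names are all constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional


def derive_key(password: str) -> bytes:
    """Toy stand-in for the NT hash (real NTLM uses MD4 of the UTF-16LE password)."""
    return hashlib.sha256(password.encode("utf-16le")).digest()


def compute_response(key: bytes, challenge: bytes, service: Optional[str]) -> bytes:
    """Challenge/response keyed on the user's secret. With `service` set, the
    answer is also bound to the service the client thinks it is talking to;
    without it, the answer is valid at any server that issued the same challenge."""
    binding = b"" if service is None else service.encode()
    return hmac.new(key, challenge + b"|" + binding, hashlib.sha256).digest()


class Client:
    """Domain-joined client: owns the password and answers NTLM challenges."""
    def __init__(self, user: str, password: str):
        self.user, self.key = user, derive_key(password)

    def answer(self, challenge: bytes, service_seen: Optional[str]) -> tuple:
        return self.user, compute_response(self.key, challenge, service_seen)


class Server:
    """Target server: can verify user keys (via the DC in reality), issues challenges."""
    def __init__(self, service: str, users: dict, require_binding: bool):
        self.service, self.users, self.require_binding = service, users, require_binding

    def challenge(self) -> bytes:
        return os.urandom(8)  # NTLM server challenge is 8 bytes

    def verify(self, challenge: bytes, user: str, response: bytes) -> bool:
        key = self.users.get(user)
        if key is None:
            return False
        expected = compute_response(key, challenge, self.service if self.require_binding else None)
        return hmac.compare_digest(expected, response)


def relay_attack(client: Client, target: Server, proxy_service: str, client_binds: bool) -> bool:
    """The proxy holds no credentials. It opens a session to the target, takes
    the target's challenge, hands it to the client as if it were its own, and
    forwards the client's response to the target."""
    chal = target.challenge()                       # 1. target -> proxy: challenge
    service_seen = proxy_service if client_binds else None
    user, resp = client.answer(chal, service_seen)  # 2. proxy -> client -> proxy: response
    return target.verify(chal, user, resp)          # 3. proxy -> target: relayed response


def legitimate_login(client: Client, target: Server, client_binds: bool) -> bool:
    chal = target.challenge()
    user, resp = client.answer(chal, target.service if client_binds else None)
    return target.verify(chal, user, resp)


def demo() -> dict:
    alice = Client("alice", "Winter2014!")  # constructed credentials
    users = {"alice": derive_key("Winter2014!")}
    fs_plain = Server("cifs/fs01.corp.example", users, require_binding=False)
    fs_bound = Server("cifs/fs01.corp.example", users, require_binding=True)
    return {
        "relay_without_binding": relay_attack(alice, fs_plain, "http/proxy.corp.example", client_binds=False),
        "relay_with_binding": relay_attack(alice, fs_bound, "http/proxy.corp.example", client_binds=True),
        "legit_with_binding": legitimate_login(alice, fs_bound, client_binds=True),
    }


if __name__ == "__main__":
    print(demo())
```

The proxy never learns the password or the key; it only needs to be in a position to make the client authenticate to it, which is exactly what an HTTP endpoint demanding NTLM from a browser on a domain-joined machine achieves.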
Simple Stupid HTTP V1

Tired of dealing with easy-to-own HTTP daemons? Don't want dynamic content or super-cool chunked threading? Just want to serve up static content? Simple Stupid HTTP V1 lives completely in memory after the initial file load, and it performs no dynamic memory access after listening is initialized (unless you specify an interval reload). Features include servicing only valid GET requests, no memory writes except during file load and the kernel-level recv(), no dynamic content, no subdirectory support, and no dynamic headers except Content-Type.

DOWNLOAD SOURCE

MemSearch Memory Searching Tool

This cross-platform (Linux and Win32) tool allows you to search memory for trampoline instructions.

DOWNLOAD SOURCE
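The following added example, written for this page and not MemSearch's own code, scans a region of memory for the instruction sequences commonly used as trampolines by inline hooks on x86-64, resolves where each one lands, and flags targets that fall outside the module the region belongs to. The region contents, base address and hook targets are constructed; a real scan would read them from a live process or a memory dump, and byte patterns that happen to occur inside data rather than code are expected false positives to be triaged by hand.

```python
import struct

BASE = 0x7FF6_0000_0000  # constructed module base
SIZE = 0x1000            # one page of 'code'


def encode_jmp_rel32(from_off: int, to_off: int) -> bytes:
    return b"\xe9" + struct.pack("<i", to_off - (from_off + 5))


def scan_trampolines(mem: bytes, base: int, module_range: tuple) -> list:
    """Find jmp rel32, jmp [rip+disp32], push/ret and mov rax/jmp rax
    trampolines. `module_range` is (lo, hi) of the legitimate module; a landing
    address outside it is the classic inline-hook signature."""
    lo, hi = module_range
    hits = []
    n = len(mem)
    for i in range(n):
        kind = target = None
        if mem[i] == 0xE9 and i + 5 <= n:                        # jmp rel32
            rel = struct.unpack_from("<i", mem, i + 1)[0]
            kind, target = "jmp rel32", base + i + 5 + rel
        elif mem[i:i + 2] == b"\xff\x25" and i + 6 <= n:         # jmp [rip+disp32]
            disp = struct.unpack_from("<i", mem, i + 2)[0]
            off = (base + i + 6 + disp) - base                    # pointer slot, as region offset
            if 0 <= off and off + 8 <= n:                         # resolve if the slot is in view
                target = struct.unpack_from("<Q", mem, off)[0]
            kind = "jmp [rip+disp32]"
        elif mem[i] == 0x68 and i + 6 <= n and mem[i + 5] == 0xC3:  # push imm32; ret
            kind, target = "push/ret", struct.unpack_from("<I", mem, i + 1)[0]
        elif mem[i:i + 2] == b"\x48\xb8" and i + 12 <= n and mem[i + 10:i + 12] == b"\xff\xe0":
            kind, target = "mov rax, imm64; jmp rax", struct.unpack_from("<Q", mem, i + 2)[0]
        if kind:
            hits.append({"offset": i, "kind": kind, "target": target,
                         "outside": target is not None and not (lo <= target < hi)})
    return hits


def build_sample_region() -> bytes:
    """Constructed page: mostly NOPs, one benign intra-module jmp, and three
    hooks that land in foreign memory."""
    mem = bytearray(b"\x90" * SIZE)
    mem[16:21] = encode_jmp_rel32(16, 0x100)
    mem[0x200:0x20C] = b"\x48\xb8" + struct.pack("<Q", 0x7FF7_0000_1234) + b"\xff\xe0"
    mem[0x300:0x306] = b"\xff\x25" + struct.pack("<i", 0x400 - 0x306)
    mem[0x400:0x408] = struct.pack("<Q", 0x7FFA_BCDE_0000)
    mem[0x500:0x506] = b"\x68" + struct.pack("<I", 0x41414141) + b"\xc3"
    return bytes(mem)


if __name__ == "__main__":
    for h in scan_trampolines(build_sample_region(), BASE, (BASE, BASE + SIZE)):
        print(f"{BASE + h['offset']:#x} {h['kind']:<24} -> {h['target']:#x} outside={h['outside']}")
```

An unresolved `jmp [rip+disp32]` (pointer slot not inside the scanned region) is reported with `target` set to `None` rather than dropped, since the slot is often the import table of a hooked module and worth following up.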
DNS What? Scanning Tool

This tool's functionality is twofold: (1) scan the designated network segment for active DNS servers, and (2) sniff off the wire to determine whether DNS servers (on localhost or on the local segment) are vulnerable to the new DNS cache poisoning attack.

DOWNLOAD SOURCE
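As an added example of the second function, written for this page and not the DNS What? tool's own code: given tcpdump-style lines for a resolver's outbound queries, it checks whether the source port is fixed or sequential and whether transaction IDs are sequential, the two properties that made a resolver trivially poisonable in the 2008 cache-poisoning attack the entry refers to, and reports an entropy estimate for each. The capture line format, resolver addresses, thresholds and seed are constructed for the example; the entropy figure is bounded by the sample size (log2 of the number of queries), so a small capture can only say "looks random so far".

```python
import math
import random
import re
from collections import Counter

# Constructed tcpdump-style line for an outbound query, e.g.
# "IP 10.0.0.2.53 > 192.0.2.1.53: 4097+ A? host0.example.com. (31)"
LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)\+ ")


def parse_query(line: str):
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"src": m.group(1), "sport": int(m.group(2)),
            "dst": m.group(3), "dport": int(m.group(4)), "txid": int(m.group(5))}


def entropy_bits(values) -> float:
    """Empirical Shannon entropy; capped by log2(len(values)) for small captures."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def sequential_fraction(values) -> float:
    """Share of consecutive pairs that increase by exactly one (mod 2^16)."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) % 65536 == 1)
    return steps / (len(values) - 1)


def assess(lines) -> dict:
    queries = [q for q in map(parse_query, lines) if q]
    ports = [q["sport"] for q in queries]
    ids = [q["txid"] for q in queries]
    findings = []
    if len(set(ports)) == 1:
        findings.append("fixed source port")
    elif sequential_fraction(ports) > 0.5:
        findings.append("sequential source port")
    if sequential_fraction(ids) > 0.5:
        findings.append("sequential transaction ID")
    return {"queries": len(queries),
            "port_entropy_bits": entropy_bits(ports),
            "txid_entropy_bits": entropy_bits(ids),
            "max_observable_bits": math.log2(len(queries)) if queries else 0.0,
            "findings": findings,
            "verdict": "vulnerable" if findings else "ok"}


def constructed_capture(resolver: str, ports, txids, upstream: str = "192.0.2.1") -> list:
    return [f"IP {resolver}.{p} > {upstream}.53: {t}+ A? host{i}.example.com. (31)"
            for i, (p, t) in enumerate(zip(ports, txids))]


def capture_fixed_port() -> list:
    """Old-style resolver: always source port 53, transaction IDs count up."""
    return constructed_capture("10.0.0.2", [53] * 64, range(4096, 4096 + 64))


def capture_randomized(seed: int = 2008) -> list:
    """Patched resolver: random high source port and random transaction ID."""
    rng = random.Random(seed)
    return constructed_capture("10.0.0.3",
                               [rng.randrange(1024, 65536) for _ in range(64)],
                               [rng.randrange(0, 65536) for _ in range(64)])


if __name__ == "__main__":
    for name, cap in (("fixed", capture_fixed_port()), ("randomized", capture_randomized())):
        print(name, assess(cap))
```

With a fixed port an attacker only has to guess the 16-bit transaction ID, and if IDs are sequential not even that; a randomized source port adds roughly another 15 bits, which is why source-port randomization was the emergency fix shipped by resolver vendors.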
LIB Wifi ToolKit

The LIB Wifi ToolKit provides researchers with a framework in which to fuzz 802.11 protocols.

DOWNLOAD SOURCE

Snark v0.16 HTTP Interrogation Proxy

A so-called "attack proxy", Snark allows a user to monitor and edit HTTP requests and responses. Snark can be configured to act as a web proxy, or in a tunnel mode which allows for proxy chaining or use with other tools. Snark was written in Perl and should run in any environment that is supported by Perl and wxWindows.

DOWNLOAD SOURCE
DOWNLOAD INSTALLER

Morf v0.3 Ninja Encoder

Morf is the supreme ninja god of encodings: URL, HTTP, Base64, HEX, MD5, SHA1, UTF-7, the list goes on...

DOWNLOAD SOURCE
DOWNLOAD INSTALLER

Secret Squirrel v0.8 Password Manager

Secret Squirrel is your basic password manager application written in Java. It runs on all platforms that support recent versions of Java. It uses Blowfish and SHA-384, password generation using Java's SecureRandom class (fully configurable), password groups, and so on.

DOWNLOAD SOURCE
DOWNLOAD COMPILED
DOWNLOAD INSTALLER

Custos v0.1b Dapi Wrapper

This is a beta version of Custos that is a working example of using the DAPI APIs to store secrets. The included Visual Studio 2003 project is both a COM object and a .NET assembly, which can be used by ASP and ASP.NET projects. Additionally, a manager application is provided to help create the required Registry entries.

DOWNLOAD SOURCE

Tabby Tunnel SSL Tunnel for Windows

This is an SSL tunnel that can make use of certificates in the Windows Certificate Store. This is useful for creating tunnels to client-certificate-authenticated services. Tabby Tunnel makes use of the IOActive.SSL library.

DOWNLOAD SOURCE
DOWNLOAD BINARY

IOActive.SSL Microsoft .NET SSL Library

This library allows for easier use of SSL in .NET tools. It is used by Tabby Tunnel.

DOWNLOAD SOURCE
DOWNLOAD BINARY