Einstein's blog

moth

Moth is a VMware image with a set of vulnerable web applications and scripts that you may use for testing web application security scanners, testing static code analysis (SCA) tools, and giving an introductory course on web application security.

The motivation for creating this tool came after reading "anantasec-report.pdf", which is included in the release file that you are free to download. The main objective of this tool is to give the community a ready-to-use testbed for web application security tools. For almost every web application vulnerability that exists in the wild, there is a test script available in moth.

More information and download:
http://www.bonsai-sec.com/en/research/moth.php

Zero Wine: QEMU based malware auto-analysis

Zero Wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero Wine runs the malware using WINE in a safe virtual sandbox (an isolated environment) and collects information about the APIs called by the program.

The output generated by WINE (using the debug environment variable WINEDEBUG) consists of the API calls used by the malware (and the values passed to them, of course). With this information, analyzing the malware's behavior turns out to be very easy.

Wepawet: analyzing web-based malware

Hello guys!

Wepawet is a new service for detecting and analyzing web-based malware. It currently handles Flash and JavaScript files.

http://wepawet.iseclab.org

Things you can do with Wepawet:
- Determine if a page or file is malicious
- Wepawet runs various analyses on the URLs or files that you submit. At the end of the analysis phase, it tells you whether the resource is malicious or benign and provides you with information that helps you understand why it was classified one way or the other.
- Wepawet displays various pieces of information that greatly simplify the manual analysis and understanding of the behavior of malicious samples. For example, it gives access to the unobfuscated malicious code used in an attack. It also collects the URLs accessed by a sample.
- Wepawet does not just tell you that a resource is malicious; it also shows you the exact vulnerability (or, more likely, the vulnerabilities) exploited during an attack.

Malware Challenge

Participants should download the malware sample and analyze it. The end result should be a document containing details on the analysis performed. The analysis document can be written in any form, but the questions and statements below should be answered within it. Participants should note what questions are being answered.

All the rules here:
http://www.malwarechallenge.info/challenge.html

Prizes:
http://www.malwarechallenge.info/sponsors.html

Partizan

Hello guys!

I have found malware that downloads Partizan.exe. I can't determine if Partizan is clean or not, and why it's used by some bankers.

On this page Partizan is described as an anti-rootkit, part of UnHackMe:
http://www.greatis.com/appdata/a/p/partizan.exe.htm

This is the malware that uses Partizan.

Sandbox run and registry entries:
http://www.cwsandbox.org/?page=details&id=159720&password=tsbcv

Perlovga

Hi everybody!

I need a sample of Perlovga, a file infector of flash memory and others, to test a new removal tool.
Thanks!

Hello!

Hello guys from Offensive Computing.

I'm from Sao Paulo, Brazil, and a staff member of Linha Defensiva Security Forum, where we analyse and solve problems with malware, especially Brazilian banker malware.

Congratulations to all

Einstein
www.linhadefensiva.org
http://linhadefensiva.uol.com.br/forum
