ROOTKIT TEST

Here we just illustrate some rootkit behaviours and show their detection by some anti-rootkit tools, well known or not. For more information, it may be worth taking a look at the next version of my article, which will be updated this summer. NB. Srip32.exe is...


MAN in the MIDDLE TEST with SSLAGY (R)


This tool, designed by a French specialist, is a Proof of Concept which illustrates an HTTPS Man in the Middle attack via Internet Explorer. This tool has been renamed for TOS reasons, and is currently not detected by antivirus (false positives on the next screenshot):...


MSN TESTS


With MSN to CGI: This tool uses a kind of social engineering attack in order to deceive the user. First it terminates the real Messenger and replaces it with a fake one; then the user is prompted to type their MSN ID (mail, password), which can afterwards be sent...


HOOKDUMP Requests

NB. This old keylogger is designed for 16-bit and not Win32 systems, which is why ntvdm.exe is required. In red, the creation of the log.
# Time sent Dur. Process Thread ID DeviceObject IRP Request IRP Flags Nested FileObject FsContext FsContext2 FO Flags...


PCFlank Leaktest part 2


Processes:
PID ParentPID User Path
--------------------------------------------------
272 1476 POSTE2:Administrateur C:\Documents and Settings\Administrateur.POSTE2\Mes documents\Mes vidéos\PCFlankLeaktest.exe
Ports:
Port PID Type Path
--------------------------------------------------
...


PCFlank Leaktest


This is the new version of the PCFlank Leaktest. Since there is no "allow/permit" rule for the browser (in our case Internet Explorer), we cannot consider that it bypasses firewalls. In fact this leaktest just demonstrates a classical method of spying via...


FIREFOX DoS exploit

Time sent Dur. Process Request IRP Flags FsContext Path Status More info
1 19:02:10.984 0 msimn.exe IRP_MJ_QUERY_INFORMATION 00000010 E19D50D0 C:\Program Files\Outlook Express\msimn.exe STATUS_SUCCESS FileNameInformation
2 19:02:11.000 0 msimn.exe IRP_MJ_QUERY_INFORMATION...


DLL Injection in Firefox.exe


NB. The tool has been renamed for T.O.S. reasons, but can easily be found for free. We launch the injector tool via CMD with the command "kareldjagdll firefox hookdll_heap.dll". If we check the loaded modules of Firefox, we distinguish the new dll:...


HAXSPY Profiling


The scan on VirusTotal: Creation of objects (service/driver, dll and registry entry): Process memory injection in explorer.exe: Hooks in ntdll: Network connections: Some other actions: - the loaded driver and service: A summary of the actions: The complete...


Postcard.gif profiling


Processes:
PID ParentPID User Path
--------------------------------------------------
380 512 C:\Documents and Settings\Internet2\Mes documents\syfilessyfileszipchast_ppostcards.gif.exe
Ports:
Port PID Type Path
--------------------------------------------------
...

