Virus Profiling

Virus Profiling

Processes:
PID ParentPID User Path
--------------------------------------------------
3328 1252 C:\Documents and Settings\Administrateur.POSTE2\Mes documents\Mes vidéos\Virus\Virus.exe

Ports:
Port PID Type Path
--------------------------------------------------
...


IE Text Range Exploit

# Time sent Dur. Process Request IRP Flags FsContext Path Status More info
1 19:24:53.812 0 iedw.exe IRP_MJ_QUERY_INFORMATION 00000010 E23990D0 C:\Program Files\Internet Explorer\iedw.exe STATUS_SUCCESS FileNameInformation
2 19:24:53.812 0 iedw.exe IRP_MJ_QUERY_INFORMATION...


REGISTRATOR ACTIONS

# Time sent Dur. Process Request IRP Flags FsContext Path Status More info
1 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation
2...


PRESENTATION

Introduction, disclaimer and other information

There's no radical and ultimate method for testing HIPS. For evident reasons, we can't submit each product to all available malware and try all possible attacks. Finally, we choose to submit the HIPS to...


FINJAN TEST: crashing IE

Process Request IRP Flags FsContext Path Status More info
1 15:20:31.593 0 iedw.exe IRP_MJ_QUERY_INFORMATION 00000010 E14410D0 C:\Program Files\Internet Explorer\iedw.exe STATUS_SUCCESS FileNameInformation
2 15:20:31.593 0 iedw.exe IRP_MJ_QUERY_INFORMATION...


ICMP Sniffing (via CMD)

NB: IP source and destination have been removed:

ICMP datagram sniffer v1.0Alpha5 compiled on Wed Dec 10 04:52:06 1997 PST.
loading winsock...
winsock version 2.2 (ws2_32.dll) loaded.
starting Async window...
starting detector...
...now sniffing
Mar 17 20:00:27...
