Overblog Suivre ce blog
Administration Créer mon blog

29 articles avec methodology

DLL Injection in Firefox.exe

DLL Injection in Firefox.exe

NB. The tool has been renamed for T.O.S reasons, but can be easily found for free. We launch the injector tool via CMD: We launch the command "kareldjagdll firefox hookdll_heap.dll" If we check the loaded modules of Firefox, we distinguish the new dll:...

Lire la suite

HAXSPY Profiling

HAXSPY Profiling

The scan on VirusTotal: Creation of objects (service/driver, dll and registry entry) : Process memory injection in explorer.exe: Hooks in ntdll: Network connections: Some other actions: -the loaded driver and service: A summarize of the actions: The complete...

Lire la suite

Postcard.gif profiling

Postcard.gif profiling

Processes:PID ParentPID User Path --------------------------------------------------380 512 C:Documents and SettingsInternet2Mes documentssyfilessyfileszipchast_ppostcards.gif.exe Ports:Port PID Type Path --------------------------------------------------...

Lire la suite

Virus Profiling

Virus Profiling

Processes:PID ParentPID User Path --------------------------------------------------3328 1252 C:Documents and SettingsAdministrateur.POSTE2Mes documentsMes vidéosVirusVirus.exe Ports:Port PID Type Path --------------------------------------------------...

Lire la suite

IE Text Range Exploit

# Time sent Dur. Process Request IRP Flags FsContext Path Status More info 1 19:24:53.812 0 iedw.exe IRP_MJ_QUERY_INFORMATION 00000010 E23990D0 C:\Program Files\Internet Explorer\iedw.exe STATUS_SUCCESS FileNameInformation2 19:24:53.812 0 iedw.exe IRP_MJ_QUERY_INFORMATION...

Lire la suite

REGISTRATOR ACTIONS

# Time sent Dur. Process Request IRP Flags FsContext Path Status More info 1 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation2...

Lire la suite

PRESENTATION

Introduction, disclaimer and other informations There's no radical and ultimate method for testing HIPS. For evident reasons, we can't submit each product to all available malwares and try all possible attacks. Finally, we choose to submit the HIPS to...

Lire la suite

FINJAN TEST: crashing IE

Process Request IRP Flags FsContext Path Status More info 1 15:20:31.593 0 iedw.exe IRP_MJ_QUERY_INFORMATION 00000010 E14410D0 C:Program FilesInternet Exploreriedw.exe STATUS_SUCCESS FileNameInformation2 15:20:31.593 0 iedw.exe IRP_MJ_QUERY_INFORMATION...

Lire la suite

ICMP Sniffing (via CMD)

NB: IP source and destination have been removed: ICMP datagram sniffer v1.0Alpha5 compiled on Wed Dec 10 04:52:06 1997 PST. loading winsock...winsock version 2.2 (ws2_32.dll) loaded.starting Async window...starting detector... ...now sniffing Mar 17 20:00:27...

Lire la suite

<< < 1 2 3