Top articles

  • ICMP Sniffing (via CMD)

    31 March 2006 ( #METHODOLOGY )

    NB: Source and destination IP addresses have been removed: ICMP datagram sniffer v1.0Alpha5 compiled on Wed Dec 10 04:52:06 1997 PST. loading winsock...winsock version 2.2 (ws2_32.dll) loaded.starting Async window...starting detector... ...now sniffing Mar 17 20:00:27...

  • FINJAN TEST: crashing IE

    01 April 2006 ( #METHODOLOGY )

    Process Request IRP Flags FsContext Path Status More info 1 15:20:31.593 0 iedw.exe IRP_MJ_QUERY_INFORMATION 00000010 E14410D0 C:\Program Files\Internet Explorer\iedw.exe STATUS_SUCCESS FileNameInformation2 15:20:31.593 0 iedw.exe IRP_MJ_QUERY_INFORMATION...

  • PRESENTATION

    02 April 2006 ( #METHODOLOGY )

    Introduction, disclaimer and other information: there is no radical and ultimate method for testing a HIPS. For obvious reasons, we can't submit each product to every available malware sample and try all possible attacks. Finally, we chose to submit the HIPS to...

  • REGISTRATOR ACTIONS

    04 April 2006 ( #METHODOLOGY )

    # Time sent Dur. Process Request IRP Flags FsContext Path Status More info 1 19:03:04.593 0 weqehmof.exe IRP_MJ_QUERY_INFORMATION 00000010 E14B47E8 C:\Documents and Settings\Internet2\Local Settings\Temp\spylog\weqehmof.exe STATUS_SUCCESS FileNameInformation2...

  • IE Text Range Exploit

    07 April 2006 ( #METHODOLOGY )

    # Time sent Dur. Process Request IRP Flags FsContext Path Status More info 1 19:24:53.812 0 iedw.exe IRP_MJ_QUERY_INFORMATION 00000010 E23990D0 C:\Program Files\Internet Explorer\iedw.exe STATUS_SUCCESS FileNameInformation2 19:24:53.812 0 iedw.exe IRP_MJ_QUERY_INFORMATION...

  • FIREFOX DoS exploit

    26 May 2006 ( #METHODOLOGY )

    Time sent Dur. Process Request IRP Flags FsContext Path Status More info 1 19:02:10.984 0 msimn.exe IRP_MJ_QUERY_INFORMATION 00000010 E19D50D0 C:\Program Files\Outlook Express\msimn.exe STATUS_SUCCESS FileNameInformation2 19:02:11.000 0 msimn.exe IRP_MJ_QUERY_INFORMATION...

  • HOOKDUMP Requests

    05 June 2006 ( #METHODOLOGY )

    NB: This old keylogger is designed for 16-bit rather than Win32 systems, which is why ntvdm.exe is required. In red: the creation of the log. # Time sent Dur. Process Thread ID DeviceObject IRP Request IRP Flags Nested FileObject FsContext FsContext2 FO Flags...

  • PRESENTATION Part 2

    20 June 2006 ( #METHODOLOGY )

    Presentation of the threats used in these tests: as said previously, we can't be fully exhaustive; only samples of malware and attacks are used. This is statistically sufficient to test the efficiency of a HIPS. -adware/spyware: classical spyware...

  • Why some tests are done with HIPS disabled

    30 December 2007 ( #METHODOLOGY )

    For some tests, we consider the HIPS as disabled. These tests cover the scenario where an ill-intentioned person wants to install malware (a backdoor, spy tools such as keyloggers, etc.) on a computer directly, with physical access. We consider that this person: -...

  • DefenseWall Test -- Overall

    27 June 2006 ( #HIPS TESTS )

    OVERALL ________________________ Results and Ratings: * First part: 94 %: Excellent. * Second part: 71.5 %: Very good. * Third part: 23.5 %: Not sufficient. Rating threat by threat: The result may often depend on the user's configuration: what is...

  • Last News

    22 January 2008

    Blog discontinued... a thousand apologies! Hope that visitors have enjoyed the stuff... Visit kareldjag.over-blog for more news in the near future :)