2011. 7. 14. 19:28

Process Hacker v2.18 & GMER 1.0.15.15640 release

Process Hacker is a feature-packed tool for manipulating processes and services on your computer.

Key features of Process Hacker:

  • A simple, customizable tree view with highlighting showing you the processes running on your computer.
  • Detailed system statistics with graphs.
  • Advanced features not found in other programs, such as detaching from debuggers, viewing GDI handles, viewing heaps, injecting and unloading DLLs, and more.
  • Powerful process termination that bypasses security software and rootkits.
  • View, edit and control services, including those not shown by the Services console.
  • View and close network connections.
  • Starts up almost instantly, unlike other programs.
  • Many more features...

Compared with Process Explorer, Process Hacker:

  • Implements almost all of the functionality offered by Process Explorer, plus more advanced features.
  • Has advanced string scanning capabilities, as well as regular expression filtering.
  • Allows you to see what a thread is waiting on.
  • Highlights both relocated and .NET DLLs.
  • Allows you to connect to other sessions, just like Windows Task Manager can.
  • Shows symbolic access masks (e.g. Read, Write), rather than just numbers (e.g. 0x12019f).
  • Shows names for transaction manager objects and ETW registration objects.
  • Shows detailed token information, as well as allowing privileges to be enabled and disabled.
  • Shows information for POSIX processes.

The ReactOS Foundation has very kindly signed the driver, so it works on 64-bit systems.

System Requirements

  • Microsoft Windows XP SP2 or above, 32-bit or 64-bit.

Screenshots

GMER is an application that detects and removes rootkits.

It scans for:

  • hidden processes
  • hidden threads
  • hidden modules
  • hidden services
  • hidden files
  • hidden disk sectors (MBR)
  • hidden Alternate Data Streams
  • hidden registry keys
  • drivers hooking SSDT
  • drivers hooking IDT
  • drivers hooking IRP calls
  • inline hooks

GMER runs on Windows NT/W2K/XP/Vista/7.

You can download GMER here.

Please see my FAQ section and feel free to send me any comments here.



Trackback 0 Comment 1

1. 얄리얄리얄리 (https://holyhacking.tistory.com) 2014.12.02 13:23

Thank You~

2011. 7. 11. 13:57

Testing Snort IDS with Metasploit vSploit Modules

One of my key objectives for developing the new vSploit modules was to test network devices such as Snort. Snort and Sourcefire enterprise products are widely deployed in enterprises, so Snort can safely be considered the de facto standard when it comes to intrusion detection systems (IDS), so much so that even third-party intrusion detection systems often import Snort rules.

Organizations often have a tough time verifying that their IDS deployment actually works as intended, which is why I created several vSploit modules to test whether Snort sensors are seeing certain traffic. vSploit modules were made to trigger Snort alerts, so they don't obfuscate attacks to avoid detection.

However, not every rule is used in every environment. For example, if you aren't using Microsoft Frontpage on your network, you likely won't want to use Snort's Frontpage rules. On the other hand, if you are running Frontpage you may not want to try exploiting it because it may affect the production system. Because of Metasploit Framework's flexibility, you can use the vSploit Generic HTTP Server module to host a small web server that answers all testing requests, so production systems won't be affected.

You can run vSploit modules with a mix of Metasploit Framework, Metasploit Pro, and Metasploit Express, provided there is end-to-end network connectivity to the vSploit instances:

To try out the new vSploit modules, start up the vSploit Generic HTTP Server.

Then launch Frontpage-related attack attributes:

Verify that the packets are being transmitted in Wireshark:

Finally, verify that Snort IDS sees the activity:

Metasploit vSploit Modules will be released at DEFCON 19.
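The final verification step above (did the sensor actually alert on the test traffic?) can be scripted against Snort's fast-format alert log instead of eyeballing the console. This is an added example, not code from the Metasploit post or the vSploit modules; the alert lines, the local-range SIDs (1000001-1000003) and the IP addresses are constructed, since the page names no specific rules, and the line layout is assumed from Snort's `-A fast` output.

```python
import re

# One Snort "fast" alert line (as written with `-A fast`); the layout is assumed from Snort, not from the page.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample log: local-range SIDs stand in for whatever rules the test traffic should
# trigger; 10.0.0.5 is the tester, 10.0.0.10 the vSploit Generic HTTP Server, and 10.0.0.7 an
# unrelated host whose alert must not be mistaken for coverage of the test run.
SAMPLE_ALERTS = """\
07/14-19:28:01.101010  [**] [1:1000001:1] LOCAL test request A [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:43210 -> 10.0.0.10:80
07/14-19:28:01.202020  [**] [1:1000002:1] LOCAL test request B [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:43211 -> 10.0.0.10:80
07/14-19:28:02.303030  [**] [1:1000003:1] LOCAL test request C [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:51000 -> 10.0.0.10:80
noise: not an alert line, skipped by the parser
"""


def parse_fast_alerts(text):
    """Parse fast-format lines into dicts (sid as int); lines that do not match are ignored."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if m:
            a = m.groupdict()
            a["sid"] = int(a["sid"])
            alerts.append(a)
    return alerts


def sensor_coverage(alerts, expected_sids, tester_ip, server_ip):
    """Return (seen, missing) SIDs, counting only alerts from the tester to the test server."""
    seen = {a["sid"] for a in alerts if a["src"] == tester_ip and a["dst"] == server_ip}
    expected = set(expected_sids)
    return sorted(seen & expected), sorted(expected - seen)


if __name__ == "__main__":
    seen, missing = sensor_coverage(parse_fast_alerts(SAMPLE_ALERTS),
                                    [1000001, 1000002, 1000003], "10.0.0.5", "10.0.0.10")
    print("seen:", seen, "missing:", missing)  # seen: [1000001, 1000002] missing: [1000003]
```

A non-empty `missing` list after a test run means either the sensor did not see the traffic or the rule is not enabled, which is exactly what the Frontpage discussion above warns about.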

Source: Metasploit Blog
