Posts Tagged ‘Honeypots’

New Sandbox

Monday, December 29th, 2008

In addition to well-known sandboxes like Norman or CWSandbox, there is a new one out: Zero Wine, a malware analysis tool written in Python. It produces the following reports:

“1. Report: The complete raw report of all the APIs called by the malware. Hard to follow and hard to understand (a 10mb report is not uncommon).
2. Strings: Just the output of the typical Unix command “strings”.
3. File headers: All the information gathered from the PE using the library PEFile.
4. Signature: The signature report is an extract of the full raw report with the most interesting calls.”

It is an open SourceForge project, so you might want to look at it. I personally like the output of CWSandbox a lot more. 🙂

honeyd: insecure temporary file usage

Monday, December 15th, 2008

A posting on the “Full Disclosure” mailing list shows that Dmitry E. Oboukhov reported insecure temporary file usage in the “test.sh” script, which leaves honeyd vulnerable to local attackers (at least on Gentoo Linux):

-------------------------------------------------------------------
     Package               /  Vulnerable  /            Unaffected
-------------------------------------------------------------------
  1  net-analyzer/honeyd      < 1.5c-r1                >= 1.5c-r1

Picture of NepenthesFE

Wednesday, December 10th, 2008

NepenthesFE

Wednesday, December 10th, 2008

Are you running a Nepenthes honeypot and want to see what is going on? Try this visualization software from Emre Bastuz and get some nice stats.

http://www.emre.de/wiki/NepenthesFE