TinyApps.Org
Small is beautiful

Identifying suspicious executable files
Last year, the folks at Panda found that "79% of new malware is using some type of packing technique". Here are two apps to help you identify such suspicious executables:
  • Red Curtain "examines multiple aspects of an executable, looking at things such as the entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics to generate a threat 'score.'" (via Grand Stream Dreams)
  • PEiD "detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files." Features include: heuristic scanning options, disassembler, hex viewer, and many more.
UPDATE: James kindly informs us of findssv, an app his professor built to "statically analyze an executable file for its administrative content, its layout and various security vulnerabilities". Further details can be found in this research paper (PDF) or this PowerPoint slideshow. For those who prefer plain text, here's the gist (quoted from the PPT):
  • It quickly pares down a group of executable files to the ones in which secure programming was not an objective of the software developers
  • It can do in seconds what could take a security analyst days or weeks to do using hex editors and file dump utilities
    • It knows what to look for and where to look for it in the PE format
    • It knows when to stop looking when specific security vulnerability indicators are not present
  • Determine the compiler and linker used to build an executable file
  • Establish the relationship between DLL function use and program purpose
  • Provide more details on unknown regions
  • Reveal the names of files stored in compressed file regions
  • Detect the use of standard C functions by way of function call signatures searched for in the code sections of a PE file
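As an added example (my own code, not part of the post or of Red Curtain, PEiD or findssv), here is a minimal check for the entropy indicator Red Curtain describes: it walks a PE file's section table, as findssv does in "knowing where to look in the PE format", and flags sections whose byte entropy is typical of compressed or encrypted data. The PE image is constructed inline, and the 7.0 bits/byte threshold is an assumption, not a value from either tool.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Minimal PE section-table walk (no third-party libraries): yields (name, raw_section_bytes)."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]       # DOS header points at the PE signature
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4                                        # COFF file header follows the signature
    _, num_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size                               # section table follows the optional header
    for i in range(num_sections):
        off = table + i * 40                                   # each IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def score_sections(image: bytes, threshold: float = 7.0) -> dict:
    """Per-section entropy; values above the (assumed) threshold are typical of packed or encrypted data."""
    result = {}
    for name, data in pe_sections(image):
        h = round(shannon_entropy(data), 2)
        result[name] = (h, h > threshold)
    return result

def build_sample_pe(sections) -> bytes:
    """Constructed sample: a minimal PE-shaped blob (DOS stub, PE signature, COFF header, section table, raw data)."""
    e_lfanew, opt_size = 0x40, 0                               # optional header omitted; only its size is read
    ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)    # raw data starts right after the headers
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table, payload = b"", b""
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr) + b"\0" * 16
        payload, ptr = payload + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + table + payload

SAMPLE = build_sample_pe([                                     # constructed input, not a real binary
    (b".text", bytes(i % 16 for i in range(1024))),            # 16 distinct byte values -> 4.0 bits/byte
    (b".data", b"\0" * 512),                                   # constant -> 0.0 bits/byte
    (b"UPX1", bytes(range(256)) * 4),                          # uniform -> 8.0 bits/byte, flagged as packed
])
```

`score_sections(SAMPLE)` flags only the UPX1 section; on a real file, a high-entropy section that is also marked executable is the combination worth a closer look, since legitimate binaries keep compressed resources but rarely compressed code.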

/windows | May 11, 2008

ThreatExpert - Like your own automated malware testing sandbox
Yet another post on the aforementioned Offensive Computing has turned up an excellent resource: ThreatExpert (developed by PC Tools). You upload a threat, their system apparently runs and monitors the threat in a sandbox, and then spits out a report listing file system, memory, and registry modifications - very cool!

UPDATE 1: A similar submission service is available from Sunbelt: CWSandbox.
UPDATE 2: CastleCops has a list of these sandboxing scan services here.

/windows | May 11, 2008

A few anti-malware links
After reading Reverse Engineering Malware, I wanted to find a white hat malware sample site. Google turned up this post on Bugtraq from a few years ago announcing just such a site called Offensive Computing. It is still going strong, with almost 285,000 malware samples available. As an added bonus, a quick trip to the forums revealed OSAM, an autorun manager with a number of unique features for combating malware (including rootkits). A portable version is available here; you may need the DLLs at the bottom of the page as well.

UPDATE: Just stumbled on this Offensive Computing presentation from DEFCON 15: Malware Secrets. A bit more digging has revealed a list of their videos.

/windows | May 11, 2008

Batch downloading and naming videos from YouTube
Rafal (author of Duplicate Files Searcher) has crafted another cross-platform Java app: YouTube Downloader+. Simply paste one or more YouTube URLs into the text box and YTD+ will not only download the FLV(s), but also name the file(s) appropriately (unlike many tools which label YouTube downloads as "get_video" with no extension).

/misc | May 03, 2008

Bmail - Like Blat on a Diet
bmail [17k] + Lean command line SMTP mail sender (via Sun Kim)

/windows | Apr 30, 2008

SliTaz - Like Knoppix on a serious diet
SliTaz 1.0 - Small (24.8MB) Linux-based Live CD / Live USB device that runs completely in memory. Features include web server (LightTPD), Mozilla Firefox, GParted, SSH client/server, hard drive installer, and much more.

/nix | Apr 15, 2008

The Simple Life
  • keep it simple lifestyle: "Simple scales. Simple is easier to maintain. Simple is easier for the next guy to understand."
  • Stuff: "Stuff has gotten a lot cheaper, but our attitudes toward it haven't changed correspondingly. We overvalue stuff."
  • Live Simple: "Radical tactics to reduce the clutter, complexity, and costs of your life"

/misc | Apr 13, 2008

Undelete for ext3
Carlo Wood has crafted an undelete for ext3. It was built in response to an accidental rm -rf, and recovered all desired data. At the moment, you can email him for the source code (released under the GPL) as well as take part in the discussion.

/nix | Mar 13, 2008

OpenVPN Server and Client for OS X
I could not find any guide on the Net that simply described how to connect two Macs running Leopard via OpenVPN, so I decided to create one: Simple OpenVPN Server and Client Setup for OS X 10.5 Leopard.

/mac | Mar 02, 2008

Knoppix and dd_rhelp to the rescue!
Yet another item added to the burgeoning ;-) Docs section: Imaging a corrupt hard drive

/nix | Feb 24, 2008
