http://tinyapps.org/weblog/ TinyApps.Org en Sun, 11 May 2008 13:30:00 GMT http://tinyapps.org/weblog/windows/200805110730_packed_apps.html found that "79% of new malware is using some type of packing technique". Here are two apps to help you identify such suspicious executables:

• Red Curtain "examines multiple aspects of an executable, looking at things such as the entropy (in other words, randomness), indications of packing, compiler and packing signatures, the presence of digital signatures, and other characteristics to generate a threat 'score.'" (via Grand Stream Dreams)
• PEiD "detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files." Features include: heuristic scanning options, disassembler, hex viewer, and many more.

UPDATE: James kindly informs us of findssv, an app his professor built to "statically analyze an executable file for its administrative content, its layout and various security vulnerabilities". Further details can be found in this research paper (PDF) or this PowerPoint slideshow. For those who prefer plain text, here's the gist (quoted from the PPT):

• It quickly pares down a group of executable files to the ones in which secure programming was not an objective of the software developers
• It can do in seconds what could take a security analyst days or weeks to do using hex editors and file dump utilities
  • It knows what to look for and where to look for it in the PE format
  • It knows when to stop looking when specific security vulnerability indicators are not present
• Determine the compiler and linker used to build an executable file
• Establish the relationship between DLL function use and program purpose
• Provide more details on unknown regions
• Reveal the names of files stored in compressed file regions
• Detect the use of standard C functions by way of function call signatures searched for in the code sections of a PE file

]]> TinyApps.Org mail@tinyapps.org /windows Sun, 11 May 2008 13:30:00 GMT 200805110730_packed_apps http://tinyapps.org/weblog/windows/200805110715_threatexpert.html post on the aforementioned Offensive Computing has turned up an excellent resource: ThreatExpert (developed by PC Tools). You upload a threat, their system apparently runs and monitors the threat in a sandbox, and then spits out a report listing file system, memory, and registry modifications - very cool!

UPDATE 1: A similar submission service is available from Sunbelt: CWSandbox.
UPDATE 2: CastleCops has a list of these sandboxing scan services here.]]> TinyApps.Org mail@tinyapps.org /windows Sun, 11 May 2008 13:15:00 GMT 200805110715_threatexpert http://tinyapps.org/weblog/windows/200805110700_antimalware.html Reverse Engineering Malware, I wanted to find a white hat malware sample site. Google turned up this post on Bugtraq from a few years ago announcing just such a site called Offensive Computing. It is still going strong, with almost 285,000 malware samples available. As an added bonus, a quick trip to the forums revealed OSAM, an autorun manager with a number of unique features for combatting malware (including rootkits). A portable version is available here; you may need the DLLs at the bottom of the page as well.

UPDATE: Just stumbled on this Offensive Computing presentation from DEFCON 15: Malware Secrets. A bit more digging has revealed a list of their videos.]]> TinyApps.Org mail@tinyapps.org /windows Sun, 11 May 2008 13:00:00 GMT 200805110700_antimalware http://tinyapps.org/weblog/misc/200805030700_youtube_downloader.html Duplicate Files Searcher) has crafted another cross-platform Java app: YouTube Downloader+. Simply paste one or more YouTube URLs into the text box and YTD+ will not only download the FLV(s), but also name the file(s) appropriately (unlike many tools which label YouTube downloads as "get_video" with no extension).   ]]> TinyApps.Org mail@tinyapps.org /misc Sat, 03 May 2008 13:00:00 GMT 200805030700_youtube_downloader http://tinyapps.org/weblog/windows/200804300700_bmail.html  bmail [17k] + Lean command line SMTP mail sender    (via Sun Kim)]]> TinyApps.Org mail@tinyapps.org /windows Wed, 30 Apr 2008 13:00:00 GMT 200804300700_bmail http://tinyapps.org/weblog/nix/200804150700_slitaz.html SliTaz 1.0 - Small (24.8MB) Linux-based Live CD / Live USB device that runs completely in memory. Features include web server (LightTPD), Mozilla Firefox, GParted, SSH client/server, hard drive installer, and much more.]]> TinyApps.Org mail@tinyapps.org /nix Tue, 15 Apr 2008 13:00:00 GMT 200804150700_slitaz http://tinyapps.org/weblog/misc/200804130700_simple_life.html

keep it simple lifestyle: "Simple scales. Simple is easier to maintain. Simple is easier for the next guy to understand."

Stuff: "Stuff has gotten a lot cheaper, but our attitudes toward it haven't changed correspondingly. We overvalue stuff."

Live Simple: "Radical tactics to reduce the clutter, complexity, and costs of your life"

]]> TinyApps.Org mail@tinyapps.org /misc Sun, 13 Apr 2008 13:00:00 GMT 200804130700_simple_life http://tinyapps.org/weblog/nix/200803130700_ext3_undelete.html undelete for ext3. It was built in response to an accidental rm -rf, and recovered all desired data. At the moment, you can email him for the source code (released under the GPL) as well as take part in the discussion.]]> TinyApps.Org mail@tinyapps.org /nix Thu, 13 Mar 2008 13:00:00 GMT 200803130700_ext3_undelete http://tinyapps.org/weblog/mac/200803020700_openvpn_for_osx.html OpenVPN, so I decided to create one: Simple OpenVPN Server and Client Setup for OS X 10.5 Leopard.]]> TinyApps.Org mail@tinyapps.org /mac Sun, 02 Mar 2008 14:00:00 GMT 200803020700_openvpn_for_osx http://tinyapps.org/weblog/nix/200802240700_imaging_a_corrupt_hard_drive.html Imaging a corrupt hard drive]]> TinyApps.Org mail@tinyapps.org /nix Sun, 24 Feb 2008 14:00:00 GMT 200802240700_imaging_a_corrupt_hard_drive