Whoa! It sure has been a long time since we updated information about ProcNetMonitor. We had mentioned about it in our first post here. Now, the author has released an update – ProcNetMonitor version 2.7.
“ProcNetMonitor is the free tool to monitor the network activity of all running process in the system. It displays all open network ports (TCP/UDP) and active network connections for each process. It has advanced color based auto analysis system to make it easy to distinguish network oriented processes from others with just one glance at the list.“
Since we last wrote about it, this tool can now display process information on 64 bit systems too. False positives from Antivirus have also been removed and support for Windows 7 with GUI related enhancements.
Download ProcNetMonitor v2.7 here
Tagged as: Malware Analysis, ProcNetMonitor, Rootkit, system auditing tool, Windows
DllHijackAuditor is the smart tool to audit against the DLL Hijacking Vulnerability on any Windows application. This is a recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to completely take over the system.
Features of DllHijackAuditor:
- Allows complete testing to uncover all Vulnerable points in the target application
- Generates complete auditing report (in HTML format) about all vulnerable hijack points in the Application.
- GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.
- Does not require any special privilege for auditing of the application (unless target application requires)
- Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.
- Application does not have to be registered with any file extension.
- Does not require any external third party tools
- No installation is required., you can just copy and run anywhere.
DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system. With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.
How to run DllHijackAuditor?
Just follow below four simple steps:
- Launch the DllHijackAuditor after copying it to the local system. You will see it as shown in the Screenshot 1
- Now click on ‘Browse’ button to select application and then click on ‘Start Audit’ to begin the operation.
- Next click on ‘Exploit’ button (only if it has found any vulnerable DLLs in the previous phase) to perform real Exploitation test.
- Finally click on ‘Report’ button to generate complete Audit report.
Note: Tick the check box ( ‘Do not terminate application’ ) to make DllHijackAuditor to wait until you perform complete testing of all vulnerable points within the application. Once you are done with the testing, close the application so that DllHijackAuditor will continue with auditing operation.
Operating systems supported:
Windows XP, 2003, Vista, Windows 7
Download DllHijackAuditor v1.0 here
Searches leading to this post:
dll hijacking tool scan audit test,
firefox dll hijacking vulnerability,
scanning tool for vulnerable dll,
vulnerable dlls
Tagged as: DLLHijackAuditKit v2, DllHijackAuditor, Malware Analysis, Vulnerability Scanner
PDF Dissector version 1.5.0 is a PDF malware analysis tool. It brings two very cool new features.
The first cool new feature is that PDF Dissector now supports the decryption of RC4-encoded strings and streams. This is very useful because there are a few PDF malware samples in the wild that encrypt their strings and streams using RC4 (a standard PDF format feature). In the past, PDF Dissector was not able to analyze these PDF files. From now on, PDF Dissector can be used on those samples too.
The second cool new feature is an improvement to the plugin API that allows plugins to extend the context menu of PDF file nodes in the PDF browsing tree. This was inspired by a customer who asked for a way to generate reports with PDF Dissector. I implemented a small report generator as a Python plugin to make sure that all customers who want to generate reports can easily modify the content and the layout of the generated report. This is a tool that you need to pay for.
Download PDF Dissector 1.5.0 here
Searches leading to this post:
PDF Dissector download,
pdf dissector,
Havij Target report,
pdf dissector free download,
PDF Dissector scripting
Tagged as: malicious PDF, Malware Analysis, PDF Dissector, Reverse Engineering
