Social Icons

Showing posts with label Online. Show all posts
Showing posts with label Online. Show all posts

Sunday, September 20, 2015

Online Malware Analysis Tools : Listed with links

1.   Typically analyzing malware requires a great deal of knowledge in computers and expects basic knowledge of terminal commands,configuring the tool correct and right usage of advanced tools. As seen in my last post about Cuckoo usage and configuration,it is actually complex and confusing at times,now what if one can use Cuckoo without doing anything like that..no installation,no configuration,no testing and bugging...one can directly use Cuckoo directly for a sample file analysis.As we realize the power online tools,its becomes actually easier for anyone to analyze a file’s behavior by simply uploading the file to the free on-line services for automated analysis and review the detailed and yet easy to understand report.This way not only the analyst gets a quick report and analysis but more importantly he gets a variety of reports which can be compared and analyzed further leading to expedited pace of understanding and clarity of the malware architecture and working.Here I list out my choices of best on-line file/malware analyzers that can be used for free with address and screenshots of sample usage....

ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias. 


3.   Wepawet at http://wepawet.iseclab.org/

Wepawet is a free service, for non-commercial organizations, to detect and analyze web-based threats. It currently handles Flash, JavaScript, and PDF files.But the upload size of the file is limited to 2 Mb and below.

4.   IObit Cloud at http://cloud.iobit.com/

IObit Cloud is an advanced automated threat analysis system. It uses the latest Cloud Computing technology and Heuristic Analyzing mechanic to analyze the behavior of spyware, adware, trojans, keyloggers, bots, worms, hijackers and other security-related risks in a fully automated mode


5.   Comodo Instant Malware Analysis at http://camas.comodo.com/

Comodo Instant Malware Analysis is one of the easier to use and understand online sandbox service wherein no submission form is required nor an email address nor solving a CAPTCHA code. Simply browse the file that you want to analyze in Comodo sandbox, tick the box to agree with their terms and click the Upload file button. The file will then be analyzed in real time and the report page will continuously refresh by itself until the analysis has been completed.




6.     ViCheck at https://vicheck.ca/

Vicheck.ca is an advanced malware detection engine designed to decrypt and extract malicious executables from common document formats such as MS Office Word, Powerpoint, Excel, Access, or Adobe PDF documents. ViCheck will detect the majority of embedded executables in documents as well as common exploits which download malware from the internet.ViCheck is a free service designed to help the public detect new sophisticated malware which is often difficult to detect with common commercial anti-virus programs.


  7.   Anubis at https://anubis.iseclab.org/

Anubis is another popular online service to analyze unknown Windows executable files. Four report formats (HTML, XML, PDF and Text) are available to download once the analysis has been complete.



8.   GFI Threattrack at http://www.threattracksecurity.com/

GFI SandBox is meant for OEM or cloud providers and fortunately they’ve created a webpage that offers free analysis called ThreatTrack which uses their sandbox technology. ThreatTrack supports analyzing any Windows executable file, office documents, PDF files and even flash ads that is mostly not accepted by other online sandboxes.


 9.   Joe sandbox cloud at https://www.file-analyzer.net/

Joe Sandbox is the automated malware analysis system which implements any state of the art program analysis technology from coarse to fine grained including dynamic, static and hybrid. Joe Sandbox’s analysis spectrum enables to discover any behavior including hidden or obfuscated parts.


10.   EUREKA:An Automated Malware Binary Analysis Service at http://eureka.cyber-ta.org/

Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical  bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic.


11.   XecScan   at http://scan.xecure-lab.com/

The Xecure Lab Scanner (XecScan) gives the security community and general public on-demand analysis of any suspicious document file where no installation or registration is required to enjoy the service. Though it’s free, XecScan is capable of finding advanced malware, zero-day, and targeted APT attacks embedded in common file formats.

12.    Malwr at https://malwr.com/submission/ [Based on Cuckoo]

Malwr is a free malware analysis service and community launched in January 2011. One can submit files to it and receive the results of a complete dynamic analysis back.Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It's not associated or influenced by any commercial or government organization of any sort.Malwr is mainly based on an open source malware analysis tool called Cuckoo Sandbox as explained in my last post at http://anupriti.blogspot.in/2015/09/cuckoo-sandboxautomatic-malware.html



In fact as you google,you will find thousands of links and websites offering free online malware analysis but one has to be careful too while submitting any file to such sites.......so happy analyzing for now.....

Monday, March 26, 2012

TOR : ITSELF VULNERABLE!!!

At my earlier post here about TOR...the one who makes you anonymous online is now vulnerable it self....:-)..all the features that I mentioned just few days back...are all vulnerable....latest from Gentoo Linux Security Advisory gives the following details :

- Prone to multiple vulnerabilities as on date.

- Most severe of which allows execution of a arbitrary code by a remote attacker.

- Can cause a Denial of Service.

- A remote relay that the user is directly connected to, may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections

SOLUTION : ALL TOR LOVERS TO UPGRADE TO THE LATEST TOR ASAP.

Saturday, January 28, 2012

Security Design @ WebHosting

1.  At a time today when new websites are being hosted at quite a pace,proportional is the pace of hacking and defacing of these websites.Today you have a website maker in the market who may simply demand some Rs 500/ per page design and few more hundreds for hosting it...and we all are ready to do pay him....but at what price....is it simply the final handing over taking over of the password that closes the deal between you and the designer/hoster?....NO....I rate it equivalent to the toss....thereon the match begins.....just a matter of time depending on what all security parameters/variables/factors you took into consideration while designing it?

2.  Specially concerned with web sites who have E-Commerce and transactions or who deal with handling database of huge sizes which can be critical later on, if compromised any time.The following factors should be noted down and infact dealt with seriously to be kept on high priority while designing and final hosting :

- Password /Data Protection : You must have a sound password and methods to protect all the DATA in place.

- OS/Server hardening : You use a windows or a linux....rest assured you must always used a hardened OS/Server.

- OS Selection : Create and design on any OS...today you can launch it on web.A more vulnerable OS which has had a history of hacks and known exploits should be avoided.

- DDoS Protection : Shared hosting servers are vulnerable to attacks by hackers who carry out their work by uploading malware or otherwise malicious sites or code onto a server. These malware programs be introduced to a server through security vulnerabilities in a legitimate client’s site, and the malware is used for anything from stealing credit card data to launching a DDoS, or Distributed Denial of Service attack.So think before you fire up your site.

- Spam filters : No explanations

- Firewalls : Must...so many types in market : Decide like what you r going to select a HARDWARE FIREWALL or a SOFTWARE FIREWALL.The selection is of crucial significance in deciding the overall security rating!!!

- BACKUP : You must have a way to keep backing up all your data.Some ploicy should be designed of what happens if owing to some kind of reason you loose all ur data....mirror or offline backup!!!!anything...but keep in mind.

- SSL enabled server : MUST

- SFTP: Though FTP is not that bad....but when SFTP is there....y bank on a relatively lower secured protocol......


Saturday, September 03, 2011

HDFC CLEAN BOWLED by Hidden SQL Injection Vulnerability



1.  Howoften do we find ourselves getting irritated with the constant reminders from banks to change passwords every 15 days...to include few small cases,few caps,few numbers and few special characters and more often then not 40% of the account holders forget keeping a tab on what was the last password.....Inspite of heavy claims by most of the banks that they have the highly secured banking netwrok here comes a boomrang for HDFC...inspite of ample number of warnings by zSecure , a firm committed in providing comprehensive and cost-effective Penetration Testing services Networks, Servers and Web application,HDFC had no inkling of what they were warned about and what was supposed to be done....simply banking on some third party solution and getting into a SURRENDER SITUATION.....the story goes like this

HDFC was warned about Hidden SQL Injection Vulnerability by the firm ZSECURE.The subject vulnerability was discovered on 15-July-2011 and was reported on 17-July-2011 (reminder sent on 24-July-2011). The HDFC Bank’s team took around 22 days to respond to our e-mail and their first response came on 08-August-2011 with a message:

“Thank you for sending us this information on the critical vulnerability. We have remediated the same.“

After their e-mail, we again checked the status of said vulnerability and found that the vulnerability was still active on their web portal. We immediately replied to their email with additional proof of vulnerability and asked them to fix the same asap. Later on, after 2 days we again received an e-mail from their team with a message:

“We have remediated all the vulnerability reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service provider and they confirmed that there are no more SQL Injection vulnerability.“

Their above response left us with an unexpected surprise. We were not able to believe that such a big organization doesn’t have proper vulnerability assessment in place because we already reported the vulnerability to them and even after conducting vulnerability assessment from a third party (as claimed) they were not able to find the active vulnerability in their web-portal.Thereafter, we sent complete inputs about the vulnerability to their security team and finally the vulnerable file was removed from HDFC’s web-server.

2.  The story goes on to confirm how much vulnerable we all are to such holes.Not blaming the bank singly,but the policies and the measures supposed to be taken and adopted have no firm policies on date.It is entirely left to the third party dependency solution....its high time for all banks to constantly take measures and keep itself updated to all new vulnerabilities hanging around......

Sunday, February 13, 2011

The Gawker case : EXPERIENCING A HACK


1.   A six-letter password in lower-case text takes a hacker's computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password. Thus simply upper-casing your password can minimise a hacker's chance of finding out your account.Add numbers and/or symbols to your password and the hacker's computer has to work for 18 days.Despite widespread warning, 50 per cent of people choose a common word or simple key combination for their password.The most used passwords are 123456, password, 12345678, qwerty and abc123. 

2.   I read about the Gawker case recently wherein the subject media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen.Now imagine some one like Yahoo or Google requesting one fine day on a similar line....won't our heart come out????

3.   The exact Gawker announce ment goes like this 

“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords. We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

4.   The problem emanated when Gawker recently launched a multi-site redesign thatthat failed spectacularly, leading visitors to blank pages. The culprit was a misbehaving piece of JavaScript, but when a single line of JavaScript causes your entire suite of sites to fail you no longer have websites, you have, well, nothing.The problem with Gawker’s redesign is that it uses JavaScript to load everything. That means that, not only is there no chance for the site to degrade gracefully in browsers that don’t have JavaScript enabled, the smallest JavaScript typo can crash the entire website.

5.   Now we all have seen it personally as we sometimes tend to have the same password for multiple accounts on the web.....this could be a simple fall like a pack of cards...one point failure leads to the complete fort coming down.....so guys...take care....change ur passwords for better and stronger security.....

Powered By Blogger