
Wednesday, 24 April 2013

Lynis - Vulnerability and Malware Scanner in Kali Linux


Project information

Lynis is an auditing tool for Unix systems, aimed at security specialists. It scans the system and the installed software to detect security issues. Besides security-related findings, it also reports general system information, installed packages and configuration mistakes.

This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. It can be run without prior installation, so it can be carried on read-only storage (USB stick, CD/DVD) without any problem.

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Firewall auditing
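To make three of the audit tests above concrete (accounts without a password, incorrect file permissions, outdated software), here is an added example written for this post; it is not Lynis's own code. It runs over constructed sample data (an inline /etc/shadow excerpt and a temporary directory) so it works unprivileged; the function names, the sample entries and the version strings are assumptions for the example.

```python
"""Added example, not part of Lynis: three audit checks over constructed data."""
import os
import stat
import tempfile

# Constructed sample of /etc/shadow. Field 2 is the password hash: an empty
# field means the account can be used without a password at all, while
# '!' or '*' means the account is locked. Only 'games' is a finding here.
SAMPLE_SHADOW = """\
root:$6$salt$hash:19000:0:99999:7:::
games::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
"""


def accounts_without_password(shadow_text):
    """Return login names whose password field in shadow_text is empty."""
    found = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            found.append(fields[0])
    return found


def world_writable_files(root_dir):
    """Return regular files under root_dir that any user may modify (o+w).

    Such files are a finding because an unprivileged local user could
    change their content (e.g. a config file read by a privileged service).
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)


def parse_version(version):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def is_outdated(installed, latest):
    """True when the installed dotted version is older than the latest one."""
    return parse_version(installed) < parse_version(latest)


def demo():
    """Run the three checks over the constructed data and print findings."""
    print("Accounts without password:", accounts_without_password(SAMPLE_SHADOW))
    with tempfile.TemporaryDirectory() as tmp:
        ok_path = os.path.join(tmp, "ok.conf")
        bad_path = os.path.join(tmp, "bad.conf")
        for path, mode in ((ok_path, 0o644), (bad_path, 0o666)):
            with open(path, "w") as fh:
                fh.write("setting=1\n")
            os.chmod(path, mode)
        print("World-writable files:", world_writable_files(tmp))
    # Hypothetical package versions, not real release numbers.
    print("samplepkg 1.9.1 outdated vs 1.10.0:", is_outdated("1.9.1", "1.10.0"))


if __name__ == "__main__":
    demo()
```

On a real host the same functions would be pointed at /etc/shadow (readable only as root) and at directories such as /etc; the numeric version comparison is deliberate, since a plain string comparison would wrongly rank 1.9 above 1.10.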

Current state:
Stable releases are available, development is active.

System requirements:
- Compatible operating system (see 'Supported operating systems')
- Default shell

Supported operating systems
Tested on:
- Arch Linux
- CentOS
- Debian
- Fedora Core 4 and higher
- FreeBSD
- Gentoo
- Knoppix
- Mac OS X
- Mandriva 2007
- OpenBSD 4.x
- OpenSolaris
- OpenSuSE
- PcBSD
- PCLinuxOS
- Red Hat, RHEL 5.x
- Slackware 12.1
- Solaris 10
- Ubuntu

Download Lynis Script


Wednesday, 2 November 2011

Computer Security Threats | malicious programs | Malwares



Computer security threats, also called malicious code or malware, come in a wide variety of forms and are distributed through an ever-growing number of delivery mechanisms. In general, a malicious program is any software that impedes the normal operation of a computer or networking device. This software most often executes without the user's consent.
Understanding how malware works can help you develop defensive strategies, select computer security products and train employees to identify potential threats.


Types of computer security threats
These can be roughly broken down into types according to the malware's method of operation. Anti-"virus" software, despite its name, is able to detect all of these types of malware. The following malware types are distinguished:

  • E-mail and other types of viruses
  • Trojans and other backdoors
  • Worms
  • Blended threats
  • Time bombs
  • Spyware
  • Adware
  • Stealware
  • Zombies


When a piece of malicious code starts infecting a large number of computers, it is said to be 'in the wild'.

The threat level of a piece of malware refers to its potential to spread and infect computers. Threat level can be expressed in 4 categories:
  1. None - may not function well
  2. Low - requires human assistance to replicate and move from computer to computer
  3. Medium - slow infection speed and little damage
  4. High - great infection speed and considerable damage
The wild list, or threat list, refers to malicious code that is circulating on the internet and infecting computers. An archive of wild lists and information about the organisation that maintains the list are available at www.wildlist.org

Reverse-Engineering of Malware | REMnux v.2.0



REMnux v2.0 has been released. It is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. Visit REMnux's main page to download REMnux as a virtual appliance or as a Live CD. The distribution is based on Ubuntu and is maintained by Lenny Zeltser. REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs its potentially-malicious connections to the REMnux system, which is listening on the appropriate ports.
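The lab setup described above relies on a listener that accepts whatever the infected system sends and answers with something plausible so the sample keeps talking. The following added example (not REMnux's own tooling) is a minimal fake TCP service of that kind: it records the peer address and the first bytes of each connection for the analyst's log and replies with a fixed, benign HTTP response. The bind address, the canned reply and the simulated request from the "infected" lab host are assumptions for this example; in a real lab the listener would be bound to the isolated lab interface and the sample's DNS would be pointed at it.

```python
"""Added example, not REMnux code: a capturing fake service for a malware lab."""
import socket
import socketserver
import threading

# Fixed benign reply so a sample expecting HTTP gets a well-formed answer.
CANNED_REPLY = (b"HTTP/1.1 200 OK\r\n"
                b"Content-Type: text/plain\r\n"
                b"Content-Length: 2\r\n"
                b"Connection: close\r\n\r\nOK")


class CaptureHandler(socketserver.BaseRequestHandler):
    """Record what the client sends, then answer with CANNED_REPLY."""

    def handle(self):
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(4096)  # first chunk only; enough for a header
        except socket.timeout:
            data = b""
        # Append before replying so the record exists by the time the
        # client sees the connection close.
        self.server.captured.append((self.client_address[0], data))
        self.request.sendall(CANNED_REPLY)


class FakeService(socketserver.ThreadingTCPServer):
    """TCP listener that keeps a list of (peer_ip, first_bytes) per connection."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address):
        super().__init__(address, CaptureHandler)
        self.captured = []


def start_fake_service(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = FakeService((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def request_lines(data):
    """Split a captured request into lines for the analyst's notes."""
    return [line for line in data.decode("latin-1").split("\r\n") if line]


def simulate_sample(port, host="127.0.0.1"):
    """Stand-in for the infected lab host: sends one constructed HTTP request
    and returns the raw reply. The path and Host header are made up."""
    with socket.create_connection((host, port), timeout=2) as sock:
        sock.sendall(b"GET /check HTTP/1.1\r\nHost: update.example\r\n\r\n")
        reply = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply


if __name__ == "__main__":
    srv = start_fake_service()
    print("reply:", simulate_sample(srv.server_address[1]))
    for peer, data in srv.captured:
        print("from", peer, "->", request_lines(data))
    srv.shutdown()
    srv.server_close()
```

The value for the analyst is the `captured` list: the request path, headers or raw bytes a sample sends on first contact are indicators that can go straight into detection content, without the sample ever reaching a real server.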

Malicious Website Analysis
REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab. 
REMnux includes the updated version of Jsunpack-n, which includes a number of new features, such as proxy support, improved handling of encrypted PDFs, and other updates.
Stunnel is now installed to assist with the interception of SSL sessions in the malware analysis lab.

REMnux now includes the RABCDAsm toolkit for reverse-engineering malicious Flash (SWF) programs. This includes:
  • rabcdasm: ActionScript 3 (ABC) disassembler
  • rabcasm: ABC assembler
  • abcexport: ABC extractor
  • abcreplace: Replaces ABC in SWF files
  • swfdecompress: SWF file decompressor


Read More on Lenny Zeltser's blog