Entries Tagged as ‘analysis’

February 12, 2008

Collaborative analysis efforts with simple to use interfaces

You know what would be really helpful? I mean, actually helpful to people in the security industry as a whole? We need some kind of collaboration tool that allows many different users to view, download, analyze, tag, describe and ask questions about any and all kinds of malware, network captures and security logs. I’ve been [...]

4 Comments

Filed under analysis, binary, collaboration, malware, pcap, research

Tags: , , , , ,

January 16, 2008

NSM-Console version 0.4 release

Well, it has barely been any length of time and there’s already a new release of NSM-Console, there are so many features that I’ve been coding like crazy to get them all done. First, let’s start with the downloading:
http://navi.eight7.org/~hinmanm/files/nsm-console-0.4.tar.gz
[mirror] https://secure.redsphereglobal.com/data/dakrone/files/nsm-console-0.4.tar.gz
And, for anyone interested, here’s a rundown of the most notable new features:
Additional encoding/decoding options
You can [...]

3 Comments

Filed under analysis, framework, hex, monitoring, monkey, network, nsm, nsm console, packet, ruby, script, security, tcpick, tcptrace

January 11, 2008

Decoding the SANS Christmas packet challenge using only NSM-Console

In my never-ending quest to find justification for writing NSM-Console, I hereby present the following tutorial on how to decode the SANS Christmas packet challenge using nothing but NSM-Console:
I’m going to be using NSM-Console version 0.4-DEVEL, which adds the features that allow this analysis to be performed without external tools. You can get the development [...]

3 Comments

Filed under analysis, base64, challenge, christmas, console, decode, encode, fun, geek00l, geekery, hex, nsm, nsm console, packet, ruby, sans, terminal, urlescape

January 1, 2008

Development version of nsm-console (0.3-DEVEL)

I just pushed out a newer development version of nsm-console out to navi.eight7.org, here are some of the new features:

Snort module with community rules

 self-contained snort module will all the community rules and configuration file, this’ll generate alerts into a file after reading the pcap file. I wasn’t sure whether to use community or bleeding edge [...]

4 Comments

Filed under analysis, automation, development, hex, logfile, nsm, nsm console, programming, ruby, script, snort

December 21, 2007

NSM-console version 0.2 release

I found out there is internet here, so I’m finally able to post some code changes I was working on while on the airplane.
Firstly, download the files here.
The static page for nsm-console is here.
I finally got around to releasing the next version of the nsm-console. This version incorporates a large amount of bug fixes and [...]

Leave a Comment

Filed under analysis, automation, framework, freebsd, hacking, hex, network, networking, nsm, nsm console, pcap, ruby, script, security

November 27, 2007

NSM Console – A framework for running things

Well, I’ve been hard at work for the last couple of days working on a (hopefully) useful tool for aiding in NSM file analysis (for pcap files, live analysis doesn’t work).
Behold! I present NSM-Console! (read more about it here, watch a screencast here)
Download the framework here.
Keep in mind this framework only includes 3 modules (mostly [...]

2 Comments

Filed under aimsnarf, analysis, console, framework, hex, module, nsm, pcap, plugin, ruby, script, security