Aldeid News

TheMole

Thu, 8 Dec 2011 19:24:00 +0100

The Mole is a python based automatic SQL injection exploitation tool developed by Nasel. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. It currently supports MySQL, SQL Server and Oracle databases

iScanner

Sat, 1 Oct 2011 05:56:00 +0200

iScanner is a free open source tool that detects and removes malicious codes (suspicious iframes, obfuscated javascript, dangerous eval and escape usage, ...) in web pages. It has the ability to scan remote as well as local resources. This tool has been programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0

Inav

Fri, 16 Sep 2011 19:05:00 +0200

Inav (Interactive Network Active-traffic Visualization) is a tool that shows traffic in real time on a Java-based client. It is composed of a server that gathers traffic in real time, and a client that renders the information on a map

Dword2url

Fri, 12 Aug 2011 00:25:00 +0200

DWORD based URLs are used by some malware to obfuscate the host. Dword2url is a python based script that makes the conversions

An-interesting-forensics-analysis

Tue, 09 Aug 2011 19:49:00 +0200

Today I have received a mail from one of my colleagues, containing a link to download a zip file from his Dropbox account. Fine! I'm downloading it when I notice that my Snort probe is sending me strange alerts... How to determine the files in the zip archive that are triggering the alerts

OSSEC

Wed, 20 Jul 2011 19:36:00 +0200

OSSEC is an Open Source Host-based Intrusion Detection System (HIDS). It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active resp

Snorby

Mon, 18 Jul 2011 13:03:00 +0200

Snorby is a Ruby on Rails based frontend to Snort, Suricata and Sagan. This tutorial shows how to install Snorby from sources on a Debian Squeeze box

Pytbull

Sat, 30 Apr 2011 06:13:00 +0200

pytbull is an Intrusion Detection/Prevention System (IDS/IPS) Testing Framework for Snort and Suricata. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to check/validate configurations. The framework is shipped with about 300 tests grouped in 8 testing modules: clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes and denialOfService. It is easily configurable and could integrate new modules in the future

Pulledpork

Mon, 18 Apr 2011 16:01:00 +0200

PulledPork is a rule manager for Snort and Suricata. It will help automatizing the process of downloading and installing/updating your VRT rules, SO rules or Emerging Threats rules. Pulledpork features include: Automatic rule downloads using your Oinkcode, MD5 verification prior to downloading new rulesets, Full handling of Shared Object (SO) rules, Generation of so_rule stub files, Modification of ruleset state (disabling rules, etc). The project is run by JJ Cummings of Sourcefire

Suricata-vs-snort

Mon, 11 Apr 2011 11:26:00 +0200

More than 300 tests have been conducted against Suricata and Snort to compare these two IDS/IPS. These tests cover testing of basic rules, bad traffic, fragmented attacks, brute force, evasion techniques, malwares, viruses, shellcodes, Denial of Service, client-side attacks, ... In this article, you will find all the test results as well as conclusions